en
Support
SerNet has successfully obtained ISO/IEC 27001:2022 certification. The associated audit was completed without any nonconformities. The certification was granted on a full-scope basis: it covers all products and services of SerNet GmbH and SerNet Inc. The certified scope includes the provision of services and the development of software solutions in the areas of IT infrastructure and information security.
The certification confirms a commitment that has been central to SerNet for many years: Information security is not merely part of the consulting and technical work we provide for our clients. It is also systematically organized, documented, and verifiably implemented within our own company. SerNet has been operating in accordance with the requirements and principles of ISO 27001 for nearly 20 years. With this certificate, this established practice is now also verifiable externally.
Information security as part of corporate culture
ISO/IEC 27001 is the international standard for information security management systems. Such an ISMS describes how information security is systematically managed: with clear responsibilities, risk assessment, measures, processes, and evidence. For customers, partners, and suppliers, the certification creates a reliable foundation. SerNet can thus demonstrate compliance with many information security requirements through a recognized certificate.
The fact that SerNet has achieved full-scope certification is the result of long-term work. Existing processes, evidence, and responsibilities were reviewed, organized, and documented in a traceable manner. Managing Director Reinhild Jung emphasizes the strong performance of all company divisions: “This certification underscores how deeply information security is rooted in our corporate culture. The fact that we passed the audit without a single non-conformity is an outstanding success for the entire team. My heartfelt thanks go to all my colleagues for their diligence and perseverance.”
Stanislav Striegler, Information Security Officer at SerNet, sees the certification as both a confirmation and a mandate: “Our ISMS is robustly established. This is a strong result that we can be proud of. At the same time, however, we must look ahead: An ISMS remains effective only if risks are regularly assessed, measures are tracked, evidence is maintained, and requirements are translated into everyday practice. This is exactly what we are continuously working on.”
Accredited proof for customers and partners<
For customers, the certification is an important anchor of trust. SerNet supports organizations in the areas of secure IT infrastructure, open source, compliance, and ISMS and GRC topics. Its own ISO 27001 certification demonstrates that SerNet not only understands these requirements from customer projects but also applies them to itself.
Managing Director Oliver Seufer also emphasizes this combination of consulting, software development, and in-house implementation: “With verinice, we have been developing an open-source tool for ISMS, data protection, and GRC for many years. The ISO 27001 certification demonstrates that we engage with information security management not merely as a software manufacturer or service provider. We subject our own company to the same requirements and live by them in our daily operations.”
The certification is valid until April 2029. For SerNet, it is a formal milestone, but not the end of the journey. Information security remains an ongoing task.
m, njkh
