ISO/IEC 27001 Certification
ISO/IEC 27001 is the leading international standard for information security management systems (ISMS). The objective of the standard is to manage information security systematically: identifying, assessing, and effectively mitigating risks.
Our ISMS has been certified across the entire lifecycle of our software solutions — from planning through operations. The external audit was conducted by an independent certification body, which reviewed and verified our processes, documentation, and technical measures for full compliance with ISO/IEC 27001 requirements.
The ISO/IEC 27001 certification provides documented proof that information security at Theobald Software is implemented at a high professional standard. This reduces risks in joint projects and increases transparency, particularly in integration and data exchange scenarios. In addition, the certification simplifies procurement and compliance processes, as key security requirements are already demonstrably fulfilled.
Annual surveillance audits and recertification every three years ensure that the ISMS remains continuously effective. At the same time, we continuously enhance our security measures to address evolving threats and requirements.

Certified Scope
Our ISMS covers:
- Planning and design of software solutions
- Development and implementation
- Operations and service delivery
- Maintenance and continuous improvement
This makes information security an integral part of all relevant business processes.
Concrete Security Measures
As part of the certification process, key security areas were systematically strengthened:
- Access Control: Expansion of multi-factor authentication (MFA) for business-critical systems
- Secure Software Development: Integration of automated security checks into CI/CD processes (DevSecOps)
- Incident Management: Introduction of clearly defined procedures for rapid and traceable responses to security incidents
- Supplier Management: Enhanced security assessments for cloud and service providers across the entire supply chain