ISO 27001-Certified Digital Agency: How Our Clients Benefit

For many government agencies and companies in the critical infrastructure sector, holding ISO 27001 certification goes without saying, and many service providers in the IT, healthcare, and financial sectors have it as well. While it is not required by law for everyone, it provides a way to demonstrate compliance with high IT security standards. However, while organizations such as the Federal Foreign Office, the data center of the North Rhine-Westphalia State Finance Administration, and Deutsche Telekom’s Business Solutions GmbH have obtained this certification, it is far less common among digital agencies. As of this year, denkwerk is one of the agencies certified to ISO 27001.

The importance of ISO 27001 for agency partners

The customer's perspective: As an organization or company that is itself certified, you need external service providers that operate according to the same standards as you do. The same applies to the selection of service providers in the field of information security. And anyone at the helm of an international company wants a standard that applies worldwide. ISO 27001 certification is often cited as a prerequisite for collaboration. In all these cases, it serves as a common, internationally recognized security standard.

For us, this means that our Information Security Management System (ISMS) is aligned with the current version of the standard, ISO/IEC 27001:2022, and serves as the binding framework for all security-related decisions within the company. Through clear processes, continuous monitoring, and targeted risk management, company data is systematically protected.

Even though we already had clear processes in place for information security and data protection, ISO/IEC 27001:2022 certification serves as proof of our structured security processes, proof that we were particularly eager to provide to our customers.

Background

ISO/IEC 27001 is the leading standard for information security management systems (ISMS). The standard specifies the requirements for establishing, operating, monitoring, and improving a systematic risk management system for information security. It is based on a holistic approach and serves as a tool for risk management and cyber resilience. Its importance has continued to grow amid rising cybercrime and constantly evolving threats. Globally, just under 100,000 certificates were issued in 2024 (Source: ISO Survey 2024). No current figures are available for Germany. As a certification body, the Federal Office for Information Security (BSI) had issued 598 ISO 27001 certificates based on IT-Grundschutz in 2023 (as of 10/2023), 51 percent of which went to government agencies and 49 percent to companies.

denkwerk was certified to ISO/IEC 27001:2022 by TÜV AUSTRIA on March 30, 2026. The certificate is valid for three years. The certification includes a surveillance audit in both the first and second years following the issuance of the certificate.

What is the ISO 27001 certification process?

Organizations or agencies seeking ISO 27001 certification generally follow these steps:

  1. Establishment of an ISMS

  2. Internal audit

  3. Certification audit

  4. Granting or denial/revocation of the certificate

  5. After receiving the certificate: PDCA cycle (Plan-Do-Check-Act) for continuous improvement
