ISO 27001 based on IT-Grundschutz (IT baseline protection): Myra Security renews strict BSI certification

MYRA NEWS | 21 October 2021

Myra has successfully completed re-certification according to ISO 27001 based on IT-Grundschutz: This gives our customers the certainty that our DDoS protection and the underlying information network still meet the highest security and quality standards.

To renew the three-year validity of the certificate, Myra has once again undergone the entire certification process of the German Federal Office for Information Security (BSI). This includes an audit conducted by a BSI-certified auditor, including an on-site inspection. The result shows that Myra has implemented all the protective measures defined by the BSI against typical threats to corporate IT.

Only 122 companies worldwide meet the requirements of the BSI

The new certificate (no. BSI-IGZ-0479-2021) confirms that Myra Security’s Information Security Management System (ISMS) ensures the confidentiality, availability, and integrity of all information through suitable technical and organizational measures. This makes Myra one of only 122 companies worldwide (as of October 21, 2021) that meet the strict requirements of ISO 27001 based on IT-Grundschutz.

An ISMS operated in accordance with this standard makes it possible to identify potential threats at an early stage and mitigate them by means of tailor-made countermeasures. The certification attests to a high, legally recognized level of security.

Myra works to the highest quality standards

As a specialist service provider for sensitive and critical sectors like finance, healthcare, and government, it goes without saying that we meet the same stringent IT security requirements as our customers. In these highly regulated areas, certified quality is crucial and has no room for error. Myra is therefore regularly audited by independent auditors.

In addition to ISO 27001 certification based on IT-Grundschutz, Myra has many other quality features. All of our certifications were received in this country and apply to our infrastructures in Germany.

BSI-qualified KRITIS competence

We demonstrated our KRITIS competence in a voluntary audit in June. The audit, which lasted several days, showed that Myra had successfully implemented all the comprehensive protective measures – for example, with regard to IT compliance, business continuity management and ISMS – and fulfilled the security standards in accordance with Section 8a of the BSI Act.

In addition, Myra is one of the leading providers in the BSI comparison. Myra fulfills all 37 BSI performance requirements for qualified DDoS protection providers. This was reconfirmed by the new edition of the BSI comparison in July 2021.

Our certifications at a glance

  • ISO 27001 based on IT-Grundschutz (IT baseline protection): This exacting form of ISO 27001 confirms Myra’s successful implementation of comprehensive measures to protect corporate IT. Our information security management system (ISMS) ensures the confidentiality, availability, and integrity of all information at the highest level.

  • BSI qualified: The BSI catalog contains 37 wide-ranging requirements for DDoS protection providers to qualify for critical infrastructure protection. As one of the leading providers, Myra fulfills all 37 criteria.

  • PCI DSS certified: This certification allows us to securely process over 10 billion euros in credit card transactions annually via Myra’s infrastructure in accordance with the Payment Card Industry Data Security Standard. Not only are we “PCI DSS compliant,” we also have five fully “PCI DSS certified” sites.

  • BSI C5 (in progress): With the C5 attestation, Myra will demonstrate that our cloud services meet all minimum information security requirements in accordance with the BSI Cloud Computing Compliance Criteria Catalog (BSI C5). Customers can use the C5 attestation report as a basis for conducting their own risk analysis.

  • Trusted Cloud in accordance with the Federal Ministry for Economic Affairs and Energy (BMWi): Myra fully satisfies all of the requirements for transparency, IT security, data protection, and legal security associated with the Trusted Cloud label. Our customers can be sure that the confidentiality and security of their data are maintained.

  • Compliant with GDPR and the IT Security Act (IT-SIG)

Related articles