The Sector Committee on Information Security Management Systems / Data Protection deals in the first instance with questions concerning the accreditation of certification bodies in the area of data protection. Its main focus is on developments relating to the accreditation of certification schemes and certification bodies at both the national and European levels. The bodies with influence in this area are not only the independent power-conferring data protection authorities of the German states, but also the European Data Protection Board (EDPB). For the data protection subject field, the sector committee includes representatives of the independent data protection supervisory authorities of the states, the scientific community and scheme owners.
Subcommittee to be established
The Information Security Management Systems subcommittee is currently being established. Its focus will be on all issues related to management systems from the various areas, including for example information security management systems in accordance with DIN EN ISO/IEC 27001:2017-06, also in the area of the IT security catalogue pursuant to Sections 11 (1a) and (1b) of the German Energy Industry Act (EnWG), or anti-bribery management systems as set out in DIN ISO 37001:2018-05.
The Sector Committee on Information Security Management Systems / Data Protection is made up of the two subject fields Information Security Management Systems and Data Protection. It was established in 2019 in response to the new area of accreditation of certification bodies in the area of data protection. At the same time, the area of information security management systems is being transferred from the former Sector Committee on Information Security / Information Technology to this sector committee.
Dr. Sönke Maseberg
Karlsruher Institut für Technologie (KIT)