VdS 3473 protects SMEs against cybercrime. // Multi-layered processes ensure required levels of protection. // New Standard creates an important foundation for insurers issuing cyber policies.
Cologne, February 2016. Cybercrime and attacks on IT systems are now sadly commonplace for most businesses. “In particular, small and medium enterprises (SMEs) are often in the sights of cybercriminals because they are mostly highly innovative, but have at the same time insufficient protection in the field of IT security,” says VdS-CEO Dr. Robert Reinermann. A major reason is the conventional security standards, which often overwhelm SMEs.
With the publication of the guidelines “VdS certified cyber- security” (VdS 3473) and a corresponding range of new services VdS is responding to this security risk in the SME sector. Behind the industry-neutral guidelines are underlying measures specifically tailored to SMEs, by which the information security status of a company can be audited and certified. The minimum requirements for information security are designed so that SMEs are not organisationally or financially overwhelmed. With about 20% of the outlay in comparison to ISO 27000, SMEs can divert to the upward compatible VdS guidelines, measures and processes, as they ensure the required level of protection in the IT sector. In addition, a certification in accordance with VdS 3473, can also at all times be the entry into the ISO 27000 series certification, to which VdS also offers certifications.
VdS-certified cyber security generates a high level of trust with customers and suppliers and lead to competitive advantages for certified companies. To pave the way for certification to VdS 3473, VdS offers two practical tools: The VdS Quick Check – a free web tool that is available on the Internet at www.vds-quick-check.de (soon also in English) which enables companies to gain a first impression of the status of their cyber security. The results can be subsequently verified on the spot by VdS in a so-called Quick-Audit and the client provided with measures that if required, need to be taken. In addition, VdS has within the training courses “Information Security Officer” and “VdS 3473” – Guidelines for “information security” supporting educational opportunities in the program.
The guidelines VdS 3473 and further information on cyber security can be found for free download at www.vds.de/cyber. An English version of VdS 3473, like the English VdS Quick-Check will soon be available.