Recertification
Intrexx remains certified according to ISO/IEC 27001:2022. This certification is an internationally recognized proof of a systematically structured information security management system. It confirms that organizational and technical security measures are defined, implemented, and regularly reviewed.
As part of the regular audit cycle, independent experts have confirmed that our systems, technologies, and processes do exactly what they are designed to do: ensure information security at the highest level.
Our Journey to ISO/IEC 27001:2022
Intrexx was first certified according to ISO/IEC 27001:2022 in 2025, transitioning directly from ISO/IEC 27001:2013 to ISO/IEC 27001:2022 without switching to ISO/IEC 27001:2017. The reason for this is simple: the changes between 2013 and 2017 were minor and would have had little impact on our security practices. Therefore, we focused our efforts on the comprehensive innovations of the 2022 version, which reflects modern IT security requirements much more effectively.
ISO 27001 is part of our daily routine
Since our initial certification, we have further refined our risk management processes and embedded security requirements even more firmly in development, operations, and organization. Our security management follows a fixed cycle of risk analysis, action planning, monitoring, and improvement.
The audit examined, among other things, our handling of security incidents, the traceability of risk decisions, the implementation of technical controls, and the effectiveness of measures in daily operations.
For us, recertification means that information security is demonstrably effective in our operations. For our customers, this means that security is not left to chance, but is reliably and consistently implemented.
What is new?
ISO/IEC 27001:2022 updates numerous control measures and adds new requirements. It focuses particularly on topics such as cyberattacks, cloud security, and data protection.
In the area of cybersecurity, threat intelligence mechanisms are key to identifying and assessing risks early on. Information about potential threats is collected, analyzed, and translated into concrete protective measures before they become a real danger. Security event monitoring complements this approach by providing comprehensive surveillance of all activities in IT systems. Unusual processes or suspicious access attempts are detected in real time, enabling rapid intervention.
To prevent security vulnerabilities from arising in the first place, improved configuration management ensures that IT systems and applications are securely configured and regularly audited. This prevents misconfigurations, which are often the entry point for cyberattacks. Secure software development also plays a crucial role: Structured processes and regular code reviews identify and address vulnerabilities during the development phase before they can be exploited.
In addition, protection is enhanced by physical security monitoring, which monitors physical infrastructure such as server rooms and data centers to prevent unauthorized access. This is complemented by web filtering, which selectively blocks access to malicious or unwanted websites. The result is a comprehensive security net that reliably covers both digital and physical risks.
Special emphasis is placed on data protection, which is defined more clearly and practically in ISO/IEC 27001:2022. Requirements for secure data deletion ensure that information is reliably and irrevocably removed, while data masking protects sensitive content by obfuscating or anonymizing it. This is further enhanced by data loss prevention (DLP), which specifically detects and prevents unintended data leaks.
Conclusion
These new measures are not merely a response to current challenges. They represent a crucial step toward a more secure digital world. Early risk identification, consistent vulnerability mitigation, and the adaptation of security processes to modern requirements create a reliable foundation for sustainable data protection and IT security.
Especially now, with cyberattacks becoming increasingly frequent and sophisticated, and the cloud becoming the standard, clear structures and proactive action are essential. Intrexx stands behind these new security measures and offers you the necessary foundation to establish a sustainable and future-proof IT infrastructure.