Information security management system: ­INIT certified according to ISO/IEC 27001:2017

This certification proves that INIT’s processes, especially those relating to the development of products and services, meet with the worldwide-accepted requirements of the ISO standard for information security

Image: Companies that use INIT software and have their systems and necessary infrastructure hosted by INIT, greatly benefit from INIT's certification.

Karlsruhe, 23 August 2021

Because of the growing number of cyberattacks and other online threats, extensive data and information security is becoming increasingly essential. INIT was recently certified by a third-party organisation (DEKRA) according to the worldwide recognised standard ISO/IEC 27001:2017. As a certified supplier, INIT can prove that it adheres to strict cyber security in the development, production, implementation (project management process), maintenance and operations of its delivered systems and services. The standard comprises the requirements to be met by an information security management system (ISMS). This includes its continuous improvement.

Complex solutions for operations control and fare management - like the ones offered by INIT - require the exchange of diversified data between user and supplier, e. g. driver data, networks data, operational data or customer data. This concerns implementation, operations and maintenance. Such sensitive information can cause serious damage when data are stolen or used in an impermissible manner. Having INIT as an ISO/IEC 27001:2017 certified partner assures public transport companies that the internal processes and guidelines for dealing with data and systems can be considered state-of-the-art. This is especially important because transportation, including public transport, is generally regarded as one of the critical infrastructure sectors in many cases.

The term ‘critical infrastructure’ refers to companies that are of the utmost importance for any functioning society.  Outages and disturbances would have grave consequences for the country’s population and economy. Because of these companies’ responsibility towards society, they are often bound by law to set particularly high data security standards and be protected against unauthorised access (for example, public transport companies operating an Intermodal Transport Control System - ITCS or a fare management system). They have to have their IT security at the cutting edge of technology and if required constantly improve it. Not only that, they often have to agree to inform their national cybersecurity agency (e.g. the BSI in Germany, the CPNI in the United Kingdom or the CISA in the United States) about the state of their IT security and are obliged to get it regularly checked by the agency’s experts.

Certificate covers customers with software and servers hosted by INIT

INIT constantly receives requests from customers and interested parties demanding to know more about information security. In addition, this topic has gained importance in tenders and contracts. Companies that use INIT software and have their systems and the necessary infrastructure hosted by INIT, greatly benefit from INIT’s certification. They can prove very simply and without any unnecessary bureaucracy that – by relying on INIT as an ISO 27001 certified systems/service provider – their systems and services fulfil the functional capability of the critical infrastructures they operate.

State-of-the-art data and information security

Receiving the certificate was the final step in a long list of groundwork: After third-party experts had performed a gap analysis, internal guidelines and workflows were established, all relevant departments conducted an internal audit and finally, INIT was awarded the external certification. However, the process is an ongoing one: In addition to supervised yearly audits, a recertification audit will be mandatory every three years in order to constantly prove and confirm INIT’s successful work in the area of information security.

We have reached a stage where it is no longer just a question of whether a company will become the victim of cyberattacks but of when it will happen. And the better a company is prepared for this kind of threat, the less grave the consequences will be. Our ISO 27001 certification greatly helps our customers and interested parties to have peace of mind as they know they have a reliable partner by their side who can deliver cutting-edge data and information security. With this certification, we can also cover large public transport companies that are considered being part of critical infrastructure. By adopting the ISO standard and by committing to continuously improve in this field, we will be able to ensure that public transport is safer and more secure from cyberattacks.

Achim Becker

Managing Director INIT GmbH


Klaus Janke

Executive Director