An accreditation perspective on information security management systems (ISMS) and data protection in Germany and Mexico


Cover of the publication. © Oliver Hick-Schulz / GPQI - GIZ

The ongoing digital transformation is leading to an explosion of data. Ensuring that this data is secure and protected is therefore crucial, and certifications play a key role in that. The international standard ISO/IEC 27001 provides requirements for an Information Security Management System (ISMS), making it one of the most important certifications for cybersecurity. It encompasses aspects such as availability, confidentiality, and integrity of data at every level of an organisation. Data protection focuses on protecting data from internal and external threats, reducing the risk of fraud and corruption, and protecting individuals. Certification in this area can demonstrate compliance with relevant laws and regulations, such as the General Data Protection Regulation (GDPR).


Accreditation is crucial for strengthening confidence in information security and data protection certification. The publication “An accreditation perspective on information security management systems (ISMS) and data protection” provides an overview of the approaches and processes that the German and Mexican accreditation bodies follow to accredit certification bodies in the respective fields.


The publication has been developed within the framework of the German-Mexican Dialogue on Quality Infrastructure (QI). It is a result of the collaboration between the German Federal Ministry for Economic Affairs and Climate Action (Bundesministerium für Wirtschaft und Klimaschutz - BMWK) and the Mexican Ministry of Economy (Secretaría de Economía), as well as the technical exchange between the German National Accreditation Body (Deutsche Akkreditierungsstelle – DAkkS) and the Mexican Accreditation Body (entidad mexicana de acreditación a.c. – ema).
