9 July 2024 Stories

The deZem system: optimally protected by ISO 27001

Since July 2024, deZem GmbH has been officially ISO 27001 certified. But what does this certification actually mean, how was the process carried out, and what challenges arose along the way? We spoke with our Head of Information Security, Dr. Cornelia Kappler, to find out.

deZem:

Cornelia, deZem now holds an ISO 27001 certificate for an “Information Security Management System” - quite a mouthful. But first, the preparatory work must have been immense. The stress level of the responsible team steadily increased over the past months, and practically everyone at deZem was involved. Why did we take on this huge effort?

Dr Cornelia Kappler:

Absolutely, the effort was intense! We spent over a year preparing for the certification – huge thanks to the deZem Information Security Team, and indeed to the entire deZem team for their support. But it was worth it! Our customers entrust us with their data and need to be confident that our cloud platform is secure, and that our system can withstand cyberattacks and other challenges. We’ve always focused heavily on information security, but having the official ISO 27001 certification has become increasingly regarded as a “license to do business.”

deZem:

Let’s take a closer look at what an “Information Security Management System” actually involves. What does “information security” really mean?

Dr Cornelia Kappler:

At its core, it’s about protecting information – from hackers, natural disasters, or accidental mishandling. This includes both the data itself – for example, our system generates 35 million new measurements daily – and the systems that process it, such as our Edge computers, the deZem platform, and our deZem DataSuite software. Behind this, we operate over 100 virtual machines across multiple data centres. There’s a lot to protect! Our key objectives, or “security goals,” are clearly defined: confidentiality, integrity, and availability of data and systems. Only authorised persons or systems may access or modify data; the data must be accurate; and the systems must run reliably so users can access them at any time. These goals are known in English as the CIA triad – very memorable and practical.

ISO 27001 confirms that deZem operates a comprehensive information security management system.

deZem:

Even our marketing team was involved – for example, stricter rules for using PCs and passwords, and you ran several training sessions. How does such a management system work in practice?

Dr Cornelia Kappler:

It’s all about a systematic approach. We documented all data and systems according to a structured framework and applied consistent measures, covering responsibilities, access control, updates, monitoring, incident handling, and more. Continuous improvement is also key – the well-known PDCA (Plan-Do-Check-Act) cycle helps us learn from mistakes and enhance the system. In practice, this means continuous monitoring of system health, rapid response to issues, prompt resolution of vulnerabilities, and analysing incidents to derive further improvements. Information security is never a one-time achievement; it must evolve alongside new technologies, threats, and system developments – much like energy management, or even the humble act of dusting: as soon as you’re done in one corner, you start again elsewhere.
This highlights another interesting point: information security is not a state you achieve once and then consider complete. It requires continuous effort. New technologies emerge, new attack methods appear, and the deZem system is constantly evolving – so information security must evolve alongside it to ensure the “CIA” triad. It’s very much like energy management or, in our somewhat more prosaic deZem example, dusting: as soon as you’ve finished one round, it’s time to start again from the beginning…

We spent over a year preparing for the certification, so a big thank you to the information security team!

deZem:

Information security has always been an important topic at deZem, and now the systematic approach has been added with the ISO 27001 certification. What were the most interesting findings from the intensive work of the last few months?

Dr Cornelia Kappler:

Having worked as an external ISO 27001 auditor, I know the transformative power of this standard. At deZem, it was incredible to see how much potential a systematic approach unlocks – even though we’ve long prioritised information security. We examined every corner and found areas for improvement – which we addressed. Now we have an excellent overview of all risks to our information security, and we continue to reduce them.
In summary: deZem and our customers can now confidently trust that our systems are resilient, data is protected, and we remain in control even as the security landscape evolves.

deZem:

A perfect closing note, Cornelia. Thank you for your time and the fascinating insights.




About deZem

Since 2003, deZem has been developing and supplying hardware and software to network and analyse sensor data from many heterogeneous sources - worldwide with projects in Europe, America and Asia. Originally started in the field of energy controlling, we have expanded our range of products and services over the years into a comprehensive system for IoT data management, from industrial analytics to plant and process monitoring to technical building management. Because the basic idea is the same: to create a scalable platform for collecting and analysing IoT data.

deZem GmbH
Wilmersdorfer Straße 60
10627 Berlin
Phone +49 30 31 800 730
www.dezem.de

Your contact for press and marketing:

Alexander Funk
deZem GmbH, Berlin
