

The verdict is positive: “The audit confirmed a mature, structured and continuously developed Integrated Management System for Service and Information Security (I/SMS), with stable processes, appropriate risk management and clear management involvement,” wrote the DEKRA auditors in their audit report on the Leibniz Supercomputing Centre (LRZ). Prior to this, LRZ employees from all departments spent five days presenting the centre's service offerings, the processes and procedures for dealing with potential service disruptions and security incidents, and the internal and external communication channels. They also answered critical questions. While there are a few areas for improvement, the LRZ has already received the certificates for IT service management (ISO/IEC 20000) and information security (ISO/IEC 27001). “ISO 20000 certification ensures our service quality, which our customers and users greatly appreciate,” says Prof. Helmut Reiser, LRZ's deputy director. “ISO 27001 certification signals that we meet internationally recognised standards in information security and security management. This creates trust and strengthens our market position.”
The LRZ was first certified in 2019. The necessary management process audits are now repeated every three years so that the certificates can be reissued. In the intervening years, smaller, random monitoring audits on specific topics are carried out, and the handling of deviations is checked. While the auditors previously praised the good internal communication in the data centre and the commitment of the employees, this time they commended the well-considered management. They also noted that work had been done on the processes since the first certification: “Due to the high level of interest shown by management and the commitment of the core team, a highly structured integrated management system is in place, which has been further developed through continuous improvements in this cycle as well,” the report continues. “The service management processes anchored in the I/SMS are established and are being implemented. Incident, major incident and service request management are clearly regulated and were verified in the audit using specific services.”
Certificates improve the quality of the service and ensure security for all parties. The tests and assessments are based on defined norms and standards. If these are complied with, users can assume that IT services will be provided reliably and that their data or information will be secured and handled in accordance with applicable law using proven strategies. Conversely, constantly questioning internal processes stimulates innovation. “Certification promotes a culture of continuous optimisation of IT services,” Reiser continues. “Clearly defined processes and responsibilities set us apart from other data centres.” (vs | LRZ)