ISO 9001 / ISO 27001

The external certifications according to ISO 9001 as well as ISO 27001 are proof of our quality thinking, which is actually lived internally and in practice. Certifications for the sake of certificates are foreign to us because they would not represent sustainable added value for us.

ISO 9001 TQMi

The quality of a software product is never achieved by chance; it is always the result of the chosen, consistently implemented and constantly improved procedure. At the beginning of 2004, DEVIGUS began developing a Total Quality Management System (TQM) according to ISO 9004. The gradual implementation began in the summer of 2004, and external certification according to ISO 9001 took place in the second quarter of 2005. Our basic quality policy is based on the following principles:

  • Process Group 1: Leadership
    Openness, honesty, motivation and commitment are the foundations of our corporate management.
  • Process Group 2: Personnel
    We offer our employees a pleasant working environment in which they can bring their strengths to bear and are encouraged to work on their weaknesses. Our expectations are that our employees act on their own responsibility, optimally contribute their potential to the team and thereby ensure above-average performance overall.
  • Process group 3: Service provision
    We want to offer our customers flawless and timely products and services according to their expectations. Our customers rate the quality of our products and services as above average.
  • Process Group 4: Supporting Processes
    We organise ourselves in such a way that we can provide our services efficiently, cost-consciously, qualitatively constantly at a high level and with a high degree of personal responsibility on the part of all our employees. The supporting processes should make our everyday work easier.

TQM was introduced and further developed by Japanese companies in the 1960s, and since the 1980s it has also been used in the USA and Europe. TQM can be seen as a corporate philosophy according to which quality must permeate the entire company, i.e. all operational processes as well as the corporate culture and policy must be constantly improved. The cornerstones and methods of TQM include alignment with customer requirements as a yardstick for quality (every subsequent work process must also be understood as a customer), a special commitment of top management to leadership (employee motivation, definition of quality strategy), integration of all employees at all hierarchical levels, intensive communication and information about work processes, quality circles, training and further education.

ISO 27001 ISMS

Devigus Engineering AG has decided, within the framework of the ISO 27001 Information Security Management System, to consistently adopt and continuously improve the protection of information. The aim is to optimally protect both the internal and the customer data held in the data center with regard to confidentiality, integrity and availability. In addition to a well-founded analysis, improvement measures with short, medium and long-term character are defined. The measures taken are monitored and checked for their effectiveness. In addition, the effectiveness of the system is checked by regular measurements. Within the scope of ensuring availability, a business continuity planning has been drawn up which can also guarantee the external availability times defined on the basis of SLAs in the event of an incident.

The purpose of the security policy is to protect the information assets of Devigus Engineering AG and those of its customers against all relevant threats within a legally sound and economically justifiable framework, whether internal or external, intentional or accidental, and to reduce the effects of damaging events to an appropriate minimum.

Information security treats all information worth protecting in any form, so that the central points of confidentiality, integrity and availability are ensured for all those information values which are necessary for the maintenance of business processes and / or which require special protection due to legal regulations.

The information security policy forms the basis for ensuring and gradually improving information security processes in accordance with ISO 27001/27002. All measures and activities for optimum security at Devigus Engineering AG are derived from this policy. The protective measures taken are appropriate, feasible and practicable. Compliance with these is intended to sustainably improve the current security situation.

  • Confidentiality
    Information is protected from unauthorized access. Only authorised persons may come into possession of the information stored, processed or transmitted.
  • Integrity
    Integrity includes the intactness, completeness, consistency and correctness of the information. Information is complete when all parts of the information are available. Information is correct if the intended facts are described unadulterated - Information is not corrupted on the way from sender to receiver, i.e. there are no duplications, insertions, changes, rearrangements or destruction of information between sender and receiver.
  • Availability
    Information, services, functions or data are available for authorized persons at any time, as far as specified by the business process.

The processing of information is based on a uniform and economically sensible classification across the entire scope of application. The scope of security and control is determined by the value and importance of the information (including confidentiality, integrity, availability).

Objects particularly worthy of protection are classified on the basis of their individual need for protection. Special, standardised security rules and measures are applied for this protection. If security cannot be adequately guaranteed despite these measures, or if their implementation proves to be uneconomical, individual risk analyses limited to the respective objects of protection must be carried out with the aim of identifying individual security measures that also meet the increased need for protection.