Specops Solutions Gmbh

Speciality: Offensive Security and Simulated Attack Testing

10 employees
[01] About

Cybersecurity firm headquartered in Germany; offers penetration testing and red team services, with a focus on offensive security and simulated attack testing.

[02] Services
Provides penetration testing, red team operations, vulnerability assessment, and IT security consulting services.
[03] Certifications
ISO/IEC 27001

ISO/IEC 27001: Information Security Management System Certification


Origin


ISO/IEC 27001 was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), first published in 2005 and most recently updated in 2022. It evolved from the British Standard BS 7799, which was created in the 1990s by the UK government and industry experts to address growing information security concerns. The standard was developed to provide organizations with a systematic framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), helping them protect sensitive data in an increasingly digital business environment.


Industry Value and Importance


ISO/IEC 27001 is globally recognized as the gold standard for information security management, valued because it demonstrates an organization's commitment to protecting confidential information through risk-based controls and continuous improvement. The certification is particularly important for organizations handling sensitive data, as it helps them comply with legal and regulatory requirements, win contracts (especially with government entities and large enterprises), and build customer trust. Many industries require or strongly prefer vendors with ISO 27001 certification, as it provides independent verification that appropriate security controls are in place, reducing the risk of data breaches and ensuring business continuity in the face of evolving cybersecurity threats.

ISO/IEC 17021
ISO 22301

ISO 22301: Business Continuity Management


Origin


ISO 22301 was developed and published by the International Organization for Standardization (ISO) in 2012, with a major revision released in 2019. It emerged from the need for a globally recognized standard for business continuity management systems (BCMS), replacing the earlier British standard BS 25999-2. The standard was created to help organizations of all sizes and sectors prepare for, respond to, and recover from disruptive incidents that could threaten their operations.


Industry Value


Note: ISO 22301 is actually a business continuity management certification, not specifically a cybersecurity/IT certification, though IT resilience is often a key component. Organizations value ISO 22301 certification because it demonstrates a systematic approach to identifying potential threats and maintaining critical business functions during disruptions. The certification is particularly important for organizations that must prove operational resilience to clients, regulators, and stakeholders. It provides a competitive advantage by showing commitment to minimizing downtime, protecting revenue streams, and ensuring service delivery even during crises—whether those involve cyber incidents, natural disasters, or other operational disruptions.

ISO 31000

ISO 31000


Origin


ISO 31000 was developed by the International Organization for Standardization (ISO) and first published in 2009, with subsequent revisions in 2018. The standard was created by ISO Technical Committee 262 (ISO/TC 262) on Risk Management, which brought together risk management experts from various countries and industries. It was developed to provide universal principles and guidelines for risk management that could be applied across all sectors and organizations of any size, replacing earlier risk management standards and establishing a common framework for identifying, assessing, and managing risks systematically.


Industry Value


For penetration testing and cybersecurity companies, ISO 31000 provides a structured approach to identifying and managing the full spectrum of risks involved in security assessments and operations. Penetration testing firms reference or align with ISO 31000 to demonstrate their capability to conduct comprehensive risk-based security evaluations, ensuring that testing scope and priorities are properly determined based on client risk profiles. The standard helps these companies establish credible risk management processes that complement technical security work, providing clients with confidence that the organization can effectively assess threats, vulnerabilities, and business impacts. By adopting ISO 31000 principles, penetration testing companies can better communicate security findings in business risk terms, support clients' broader enterprise risk management programs, and differentiate themselves as mature organizations that view cybersecurity through a holistic risk lens rather than purely technical metrics.

ISO 27799
ISO 20000

ISO 20000: IT Service Management Certification


Origin


ISO 20000 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), first published in December 2005. It was based on the earlier British Standard BS 15000, which was created by the British Standards Institution (BSI). The standard was developed to provide organizations with an internationally recognized framework for establishing, implementing, maintaining, and continually improving an IT Service Management System (ITSMS), largely aligned with ITIL (Information Technology Infrastructure Library) best practices.


Industry Value and Importance


ISO 20000 is highly valued in the industry as it demonstrates an organization's commitment to delivering quality IT services consistently and efficiently. The certification provides assurance to customers and stakeholders that an organization follows industry best practices for service management, can manage risks effectively, and maintains controls for service continuity. For businesses, achieving ISO 20000 certification often leads to improved service delivery, better resource management, enhanced customer satisfaction, and competitive advantages in bids and tenders, particularly in government contracts and large enterprise deals where certified vendors are preferred or required.

TISAX

TISAX: Trusted Information Security Assessment Exchange


Origin


TISAX (Trusted Information Security Assessment Exchange) was created by the ENX Association (European Network Exchange) in 2017 at the request of the German automotive industry, specifically the VDA (Verband der Automobilindustrie - German Association of the Automotive Industry). The certification was developed to address the automotive sector's need for a standardized, mutual recognition framework for information security assessments. It was created to reduce the burden of multiple audits on suppliers, as automotive manufacturers were each conducting their own security assessments of shared suppliers, leading to duplication and inefficiency.


Industry Importance


TISAX has become essential for companies working with the automotive industry, particularly in Europe, as many major manufacturers now require it from their suppliers and partners. The certification provides a trusted, industry-recognized validation of a company's information security practices, protecting sensitive data such as intellectual property, product designs, and business information. Its importance stems from the mutual recognition principle—once a company achieves TISAX certification, the results are shared across participating organizations, eliminating redundant audits and creating efficiency while maintaining high security standards. For suppliers, TISAX certification has become virtually mandatory to maintain or establish business relationships with automotive OEMs and tier-1 suppliers.

[05] Notable Clients
  • Interrogare GmbH