How a penetration test complements ISO 27001 and BSI C5

The fact that data theft through cyberattacks poses a real threat in our increasingly digital world is certainly not new knowledge. For many companies and public authorities, however, it is an everyday reality and essential to their daily operations that sensitive data is exchanged. It is therefore all the more important to know that secure data exchange is possible.

Security in Tandem

FTAPI is committed to providing our customers with the most secure data exchange and automation solutions possible. Following the principle "two is better than one," we have long held ISO 27001 and BSI C5 certifications, both of which set stringent requirements for corporate security. To achieve successful certification, the highest security standards must be met, and IT security regulations adhered to.

However, it quickly became clear: there is room for even more. In autumn 2022, we underwent a penetration test by the renowned SySS GmbH and successfully passed. Over 15 days, our web application was rigorously tested. After implementing a few minor improvements, we received the award in early 2023. The penetration test confirms that

• the FTAPI platform provides an above-average level of IT security

• SecuMails, SecuRooms, SecuForms, and SecuFlows are free from security vulnerabilities

• FTAPI has taken all necessary measures to protect our customers' data

Kornelius Brunner, our CPO, is pleased with the result: “The successful penetration test is an important milestone not just for us, but also for our customers. It is further proof that their confidential, sensitive data is optimally protected with us.”

What happens during a penetration test?

A penetration test (or pentest for short) is a simulated attack on a computer system, network, or application. It is used to uncover security vulnerabilities. This allows weaknesses to be identified before they can be exploited by malicious actors.

In general, a penetration test consists of several steps that are thoroughly documented. This ensures that the results are understandable and provide insights into how and where security gaps can or must be closed. At FTAPI, we have successfully conducted such penetration tests internally and with our customers in the past.

Receiving confirmation from an independent service provider like SySS GmbH that our products meet the highest security standards is great news not only for us but also for our customers. “An independent penetration test is of great importance to us,” says our CTO Michael Krinniger. “With SySS, we were confident that the review would be conducted by experts with the necessary experience and knowledge to identify potential vulnerabilities.”

Conclusion: staying one step ahead of cybercriminals

The successful penetration test is a key milestone. Together with the ISO 27001 and BSI C5 certifications, we have taken another step to ensure that our customers' data is protected and will remain so in the future. For this reason, we have now established a process to repeat the penetration test annually. This is the only way to meet our high-security standards. Because one thing is certain: only through continuous development and critical evaluation of security measures can we stay one step ahead of cybercriminals.