YouTube Disclaimer

To play this video, you must accept cookies from US providers. For details, please see Cookie Settings in our Privacy Policy. Consent to the setting of cookies from US providers can be given either here or under Cookie Settings in our Privacy Policy The revocation of consent already given can be done in the same way.

Back to overview

ISO 27001: Certified information security for our Digital Service Platform

10 Jun 2026
Picture of ticking off the certification © Ei/stock.adobe.com
© Ei/stock.adobe.com

The requirements for secure, stable and traceable IT systems are constantly growing, especially in regulated industries and in the critical infrastructure environment (KRITIS). Our successful ISO 27001 certification proves that we take these requirements seriously and are able to implement them. Our Digital Service Platform (DSP) fulfils internationally recognised standards for information security and thus creates a reliable digital foundation for our customers.

In Digital Property and Facility Management we process countless data every day, from recording and analysing to controlling. At the heart of this is our Digital Service Platform (DSP), which networks all service processes, provides real-time data and enables efficient, scalable and customer-centric services through apps, AI and smart services.

What ISO 27001 certification means

For the ISO 27001 certification, the implemented information security management system (ISMS) was audited and confirmed that information security for DSP is organised systematically and according to defined standards.
As part of the certification process, 93 controls in the areas of organisational, personnel, physical and technical security were successfully audited. The result: our information security is based on clearly defined processes, responsibilities and continuous improvement mechanisms. Risks and weaknesses are systematically identified, assessed and addressed in a targeted manner. Our customers can rely on this.

Relevance of information security for KRITIS and regulated industries

Stable and secure IT structures are essential, especially in the critical infrastructure environment (KRITIS). Operators of critical infrastructures are subject to high regulatory requirements - for example with regard to the availability, integrity and confidentiality of data and systems.
Our ISO 27001 certification is a clear added value here:

Holistic security approach of the Digital Service Platform

The certification supplements existing information security guidelines and certifications within the STRABAG Group as well as security mechanisms of externally provided services with specific processes tailored to our DSP. The result is a comprehensive security concept that combines technical, organisational and strategic aspects.