HLRS Achieves ISO 27001 Certification for Information Security Management

Dr. Martin Hecht (center) oversees HLRS's information security management system and led the ISO 27001 certification process. Also pictured (l-r): Thomas Beisel (Head, HLRS Division of Software and Systems), Prof. Dr. Michael Resch (Director, HLRS), Dr. Bastian Koller (Managing Director, HLRS), and Inna Wöckener (Finance and Project Administration, Sustainability, HLRS).

The international ISO standard defines requirements for the implementation of an information security management system and serves as a basis for auditing and certification by accredited certifying organizations.

The High-Performance Computing Center of the University of Stuttgart (HLRS) is pleased to announce that it has completed certification under the International Organization for Standardization (ISO) 27001 standard for information security management. ISO certification confirms that HLRS has implemented a comprehensive information security management system (ISMS), which details technical and organizational measures for identifying security threats to stored data, and for preventing and reacting to attacks. This includes protecting high-performance computing systems from unauthorized access and usage. 

“Achieving ISO 27001 certification confirms via an external audit that HLRS follows industry-standard best practices for information security management,” said HLRS Director Prof. Michael Resch. “It should give users of our high-performance computing systems the confidence that their data are well protected, and should reassure our funders that our supercomputer and other systems are not used in inappropriate ways. Finally, this certification will ensure that HLRS updates and improves its security measures on a continual basis to address new threats that might arise in the future.”

The scope of HLRS’s information security management system encompasses the provision of computing time on its high-performance computers as well as the supporting processes for operating the production environment. It establishes policies that address potential security risks at all levels of the organization, covering hardware, software, facilities, and personnel. It also defines procedures for identifying and reacting to information security breaches in an appropriate manner. In addition, the ISMS establishes clear roles and responsibilities for managing information security. It provides a framework for tracking the effectiveness of security measures and requires that the entire HLRS staff be informed of and comply with information security policies. Moreover, the ISMS sets guidelines for HLRS’s product suppliers and their subcontractors, ensuring that they adhere to stringent secrecy and procedural requirements.

Certification under ISO 27001 complements steps that HLRS took prior to 2021, when it completed a data security assessment in accordance with the TISAX (Trusted Information Security Assessment Exchange) framework.

The Information Security Office of the University of Stuttgart (RUS-CERT) advised, supported, and accompanied HLRS over several years during preparations for its TISAX data security assessment and certification under the ISO/IEC 27001 standard. Chief Information Security Officer Oliver Göbel, who is responsible for the overall ISMS of the University of Stuttgart and is a certified ISO/IEC 27001 auditor, welcomed the successful certification, saying, “The certification is a milestone and an explicit expression of HLRS’s high information security standards. HLRS’s ISMS is an important building block in the context of the overall ISMS of the University of Stuttgart. I am very pleased about the certificate, which was issued immediately after the first audit without the need for additional improvements. This happens very rarely and so I congratulate and thank all of my colleagues who were involved.”

TÜV NORD CERT GmbH performed HLRS’s ISO 27001 audit, which consisted of a thorough documentation review, a site visit, and an examination of the security processes that the center has implemented.

— Christopher Williams