Important ISO and DIN certifications for IT remarketing service providers

ISO and DIN certifications

Certifications are procedures that ensure that requirements for specific areas are met. Certifications are part of the conformity assessment. These are always issued for a limited period and monitored by authorized auditors and inspection bodies such as ICG, TÜV, ZN, DEKRA and checked at regular intervals. The most important thing here is the right certificates. Here are the minimum requirements for an IT remarketing service provider with regard to ISO and DIN.

EN ISO 9001


Globally recognized standard and minimum requirement as well as the cornerstone of all other systems. The ISO defines the requirements for quality management, which the organization is committed to with regard to services and products. This and other management systems are subject to a constant improvement process and thus make your new partner better and better.

Further information on the ISO 9000 family.

OHSAS 18001, ISO 45001, ILO-OSH 2001


The global standard formulates the requirements for occupational health and safety management systems.

ISO 45001 was published in March 2018 and replaces the most widely used OHSAS 18001 standard. In addition, there are also companies that have been tested by employers' liability insurance associations on the basis of the “AMS-Arbeitsschutz mit System”, which complies with the ILO-OSH 2001. With these standards you can be sure that all relevant conditions and laws for the protection of personnel and their health are observed.

ISO / IEC 27001


An international standard that sounds important and right. But what added value does it have for you?

ISO / IEC 27001 specifies all requirements for the establishment, implementation, maintenance and continuous improvement of the information security management system. Certainly a rock-solid building block, but not absolutely necessary. Let your future provider show you the technical and organizational measures (TOM) as well as the IT security manual. That should be enough. Voluntary external IT security audits are also a good indicator of security in practice. Much more important is the subsequent certification, which deals with your data and its destruction.

DIN 66399 BDSG


And here comes the most important point. What is the best information security if the process, i.e. the detection, deletion and destruction of data and data carriers, is not considered? For this there is a special test and monitoring based on the requirements of the Federal Data Protection Act (BDSG) according to DIN 66399-3.

It is often wrongly assumed that all companies that state DIN 66399-3 also have protection class 3. But this is a mistake. In the standard, only the process of data destruction is explained and always specified in the same way. The technical and organizational requirements for the process of data media destruction are described.

You will find the protection class in the appendix to the certificate. Minimum requirements should be protection class 2, which includes a high level of protection for confidential data. You can also use the certificate to see whether the company has its own data destruction unit, a so-called media shredder. A comprehensive destruction concept is not possible without this facility.