ISO/IEC 27001 is an internationally leading standard for Information Security Management Systems (ISMS), and certification to it is therefore one of the most important certifications in the field of cybersecurity. The certification confirms that Mesalvo has implemented an effective ISMS, manages risks in a structured manner, and maintains processes that support the continuous improvement of information security.
Although this ISO certification is globally recognized and widely adopted, it is not a legal requirement for many companies. Nevertheless, the rise in cyber threats is leading to a shift in awareness: companies need to address information security more strategically. Those who implement and optimize their information security management in a structured way can better identify threats and support the three core protection goals of the ISMS: confidentiality, integrity, and availability of data.
The audits conducted as part of the certification process ensured that this approach was critically reviewed by external experts.
The certification process began in late 2023, with the official project start on November 1, after which the ISMS was gradually built. The first internal audit took place in late 2024, followed by the external initial certification audit in March 2025, conducted by TÜV Rheinland.
The certification has been valid since June 6, 2025 and covers all Mesalvo locations – fully in line with the "One Mesalvo" approach.
It is valid for three years and is accompanied by annual surveillance audits, before re-certification is due in 2028.
The ISMS in accordance with ISO 27001 now complements our management system landscape; Mesalvo has long held certifications under EN ISO 9001 for quality management systems (at the Mannheim and Bochum sites), and under EN ISO 13485 (Freiburg, Stuttgart, and Barcelona), which demonstrates compliance with quality management standards for medical devices.
The implementation of the ISMS and the ISO 27001 certification not only strengthen Mesalvo’s internal processes but also offer measurable benefits for customers.
With certification, Mesalvo protects data through established processes, minimizes risks, and enhances information security.
The certified ISMS also includes an effective risk and incident management system.
At the heart of the ISMS, risk management enables the proactive identification of threats and evaluation of resulting risks. This forms the basis for a continuous cycle of assessment, treatment, and re-evaluation of risks.
Incident management ensures that security-related incidents are promptly identified, assessed, and – if necessary – resolved, with the goal of maintaining business continuity and deriving measures to further enhance security.
With ISO/IEC 27001 certification, Mesalvo has established a solid foundation for the professional handling of information security – both internally and in its customer environment.
It marks an important milestone in the continuous improvement of information security and serves as clear evidence that the trust Mesalvo’s customers place in the company is well founded.