Information is the most important economic asset for media companies. Accordingly, information security and data protection are key issues in the media industry - especially against the backdrop of rapidly increasing cyber attacks and state-motivated disinformation campaigns. But how does a service provider for large public and many private broadcasters deal with this challenge? LOGIC media solutions GmbH, a German system architect for professional digital moving image solutions, has paid the utmost attention to this Achilles' heel, the vulnerable points of its systems. At the forefront of this effort is LOGIC's information security management system, which was recently certified in accordance with ISO 27001. Read this case study to find out which cogs had to interlock, how many, and how.

Change in the broadcast industry

As a system architect for hybrid professional moving image infrastructures, LOGIC media solutions GmbH is one of the leading designers of sophisticated media landscapes. In 2024, the company developed and implemented a consistent information security management system (ISMS) and had it certified to ISO 27001 by DQS in order to become even more robust in terms of information security and cyber security and to create internal structures for consistent compliance with industry-specific security standards.

The technical requirements profile for broadcast technology differs significantly from that of traditional IT - if only in terms of the transmitted bandwidths, QoS requirements and protocol diversity. The high costs for the special equipment required lead to longer product life cycles and therefore to delayed technological change. However, open IP networks and flexible cloud tools are now also ubiquitous in the broadcast industry - the advantages offered by convergence are too attractive: from increased efficiency through decentralized collaboration to simpler network orchestration.

However, technological change also brings many of the classic problems of the IT industry into broadcasting: the integration of countless IP-based endpoints in global, essentially open networks multiplies the entry points for cyber criminals and leads to countless vulnerabilities that can result in dangerous information security incidents.


Information security in the media industry

High KRITIS requirements

As public broadcasting is a critical infrastructure (KRITIS), the requirements and regulatory specifications for information security in the digital space have become much stricter in recent years - a development in compliance that even a medium-sized, highly specialized digital service provider like LOGIC cannot ignore:

"With under 50 full-time equivalents, we are actually below the NIS 2 scope for the important institutions. But since our main customers come from the public broadcasting sector and we often have external system access, we have to meet increasingly stringent security requirements - keyword: supply chain security," explains Markus Reinisch, Authorized Signatory & Lead of Finance and Administration at LOGIC.

"At the same time, our focus on information security and ISO 27001 certification is also intrinsically motivated," Reinisch continues. "In fact, there have already been social engineering attacks at major broadcasters in which attempts have been made to gain access to the broadcasting system via employee and subcontractor access points. As a service provider that works closely with broadcasters, we want to send a clear signal that our customers can rely on us. The successful implementation and certification of an ISMS in accordance with ISO 27001 helps us to demonstrate this trustworthiness and is therefore a valuable door opener for many exciting projects."

Cybersecurity with a customized ISMS

The decision to obtain ISO 27001 certification at LOGIC was already made in 2022 - even before the topic of information security became a global issue in the broadcast industry. The project was then launched in March 2023, initially with the calculation of costs and effort, then with initial discussions with DQS as the certifier and Data Guard as the service provider for consulting and support in the development and operation of the management system. Implementation finally began in May 2023.

"Due to our high intrinsic motivation to build an effective and tailor-made information security management system, we were never interested in simply working through standardized document and process templates," explains Niklas Ehrenklau, Media Engineer and Deputy ISB at LOGIC. "Instead, we wanted to make information security a living part of our corporate culture. To do this, we had to develop a deep understanding of the ISO standard, derive impulses for concrete improvements and implement these in a customized ISMS. Compared to using standard templates, this meant a certain amount of additional work, which we were able to reduce with the help of Gen AI tools, and ultimately generated enormous added value. In the course of ISMS development, we discovered many exciting synergy effects between our process tools, which we were ultimately able to combine and standardize in our central ERP system."


Thanks to AI, we have probably saved half the time required to write the ISMS.

Niklas Ehrenklau, Deputy ISM

The team as a key success factor

The topic of change management played a central role in the introduction of the ISMS, as the many procedural changes meant that employees had to change their routines. To ensure a smooth change process, it was therefore important to sensitize employees and get them on board so that they would consistently support the changes.

"Of course, the extensive changes also caused some turmoil within the workforce," Markus Reinisch recalls. "The introduction of the least privilege principle, the consistent enforcement of robust password guidelines including a password manager or the locked entrance door that employees face if they forget their key - to name just a few examples. Of course, these are all changes that employees will initially notice, regardless of whether they agree with the changes or not."

"That's why," emphasizes Reinisch, "right from the start, we attached great importance to communicating transparently and constantly about the changes in our dailies, weekly meetings and town hall formats and conveying to our colleagues: 'We know that some people will have to get used to it first, but we need it'. The fact that the project was initiated by our management, which also fully supported us in its implementation and provided us with capital and authority - keyword: corporate responsibility - naturally helped a lot."


Everyone loves change, but no one likes to be changed.

Markus Reinisch, Authorized Signatory

Courage to take controlled risks

This responsibility of the management also applies to the active risk management required by the standard: ISO 27001 requires every company to take appropriate measures to minimize security gaps - but also leaves them room to consciously accept certain risks.

"Not only recognizing potential dangers, but also correctly assessing them was an important learning process for us," explains Niklas Ehrenklau in retrospect. "Every risk has to be addressed - but that doesn't mean that all the measures that the standard theoretically provides for have to be implemented. A smaller company like us in particular can also save a lot of money by weighing up the risks without having to make any real sacrifices in terms of security. A good example is the issue of video surveillance of our premises - we deliberately said: since we hardly store any valuable goods and our data is double-secured, a normal alarm system is enough for us. We communicated this in the external audit by DQS."

Successful certification without non-conformity

In June 2024, LOGIC passed the certification audit by DQS without any non-conformities. With regard to the particularly detailed implementation, a high level of maturity was even attested, which is rarely found in initial certifications. "LOGIC did a lot of things right right from the start," summarizes DQS Lead Auditor Antje Degener. "They have dealt intensively with the ISO 27001 standard and tailored their ISMS precisely to their business operations. This enabled LOGIC to convincingly explain to us why they accept this or that risk as part of a reflected risk management system. In addition, they have defined clear processes for implementing and updating their management system and document all implemented measures and processes transparently in a central tool - which made the audit much easier for all sides."

"The ISO 27001 standard is much more agile than it appears on paper."

Niklas Ehrenklau also has fond memories of the audit process: "In addition to the high degree of individualization of our ISMS, a key factor for our good performance was certainly the close cooperation with the experienced auditors from DQS, who showed us potential for improvement even during the certification process. It wasn't just an audit, but an audit with added value."


After the audit is before the audit

LOGIC's ISMS project is by no means complete with the award of the ISO 27001 certificate. Rather, the company is now setting about anchoring information security even more firmly in the corporate culture and further sharpening the team's awareness. The information security management system itself is also seen as a living organism that needs to be continuously reviewed and optimized as part of regular internal and external audits. LOGIC is therefore taking its time with the final project review: a final assessment will not be carried out until the first full certification cycle has been completed in July 2028 as part of the recertification process.

"With the standard, we have laid a solid foundation for our future economic success."

Markus Reinisch's initial interim assessment is already very positive: "Even though we won't have a final evaluation of our ISMS until 2028, we can already see that we are benefiting from it in many ways. For example, because the certification means we have to do a lot less convincing in tenders and don't have to submit pages of specifications for our security standards - the ISO seal speaks for itself. We also receive a lot of positive feedback from the industry and are seen as a trustworthy partner thanks to the certificate. In short: with the standard, we have laid a solid foundation for our future commercial success."


Jens Gnad, Managing Partner of LOGIC media solutions, also sees the successfully completed certification project as an important milestone: "The introduction of an ISMS was more than just a formal certification project for us - it was a strategic step in our transformation from a traditional reseller to a service organization for complex broadcast and cloud infrastructures. Information security has long since become a basic requirement in our industry, which is part of the critical infrastructure - not only technically, but also culturally. The fact that we were able to achieve an ISO 27001 certificate with a small, highly specialized team without non-compliance makes us proud and we owe it to the extraordinary commitment of our employees."

"Information security is no longer an optional extra - it's business-critical!"

Broadcast service provider

About LOGIC media solutions

LOGIC media solutions GmbH is a German system architect and service provider with over 25 years of experience in the broadcast and media industry. The company develops customized digital solutions for professional media infrastructures - from live productions and file-based workflows to hybrid and cloud-based production environments. The focus is on combining technical precision, in-depth industry knowledge and a clear view of tomorrow's requirements.

With its services, the company offers a modular framework for consulting, planning, implementation and operation of technical media infrastructures. The aim is to implement complex requirements in an efficient, structured and future-proof manner - tailored to existing systems and strategic goals.

As an Amazon Web Services Advanced Partner for commercial and public customers, LOGIC supports the entire value chain of cloud-based media workflows. The specially developed orchestration solution PORTAL serves as a central platform for the simple provision, management and scaling of media infrastructures in the cloud. If required, the range of services is supplemented by a complete managed services offering and practical training courses at the LOGIC Media Training Center (LMTZ).

Expertise and trust

The holistic, neutral view of our experienced auditors on people, processes, systems and results shows how effective your information security management system is and how it is implemented and managed. It is important to us that you receive certification according to the ISO standard as an enrichment for your management system rather than a test.

Our audits provide you with clarity. Our customers see this as an opportunity. For them, the independent auditor's feedback on improvement potential and possible risks is just as valuable as a DQS certificate as proof of their quality capability. To ensure that this remains the case, we pay strict attention to integrity and objectivity - you can read more about this in our audit philosophy.

Author

Matthias Vogel

Since 2010 Matthias Vogel has been press secretary at DQS GmbH and responsible for technical publications. As Senior Content Manager he is jointly responsible for finding topics for the German language DQS blog "DQS in Dialogue", for coordination with authors, and for editorial work. Matthias Vogel is the editor of the regularly published DQS newsletter "Business Insights" and thus provides you with information and knowledge about audits and certification. 
