CTW Data Solutions GmbH — ISMS

Information Security Management System

ISO/IEC 27001:2022 & SOC 2 Documentation · quick-id.com · Version 2.0 · March 2026

Confidential

This documentation is confidential and intended for authorised personnel only. Do not share access credentials or links with unauthorised parties.

What is this?

This portal contains the complete ISMS documentation for CTW Data Solutions GmbH, the company behind Quick-ID — a global document verification and OCR SDK platform.

It covers both ISO 27001:2022 and SOC 2 compliance, with shared policies, aligned controls, and a unified evidence index. All documents are version-controlled via Git.

---

Document Index

Policies (shared across ISO 27001 & SOC 2)

ID	Document	Status	Frameworks
POL-001	Information Security Policy	✅ Active	ISO 5.2 / CC1.1
POL-002	Access Control Policy	✅ Active	ISO A.5.15 / CC6.1
POL-003	Acceptable Use Policy	✅ Active	ISO A.5.10 / CC1.4
POL-004	Data Classification Policy	✅ Active	ISO A.5.12 / C1.1
POL-005	Change Management Policy	✅ Active	ISO A.8.32 / CC8.1
POL-006	Cryptography Policy	✅ Active	ISO A.8.24 / CC6.7

Procedures

ID	Document	Status	Frameworks
PROC-001	Incident Response Plan	🔄 Draft	ISO A.5.24 / CC7.3
PROC-002	Business Continuity Plan	✅ Active	ISO A.5.29 / A1.2
PROC-003	Internal Audit Procedure	✅ Active	ISO 9.2 / CC4.1
PROC-004	Corrective Action Procedure	✅ Active	ISO 10.2 / CC4.2
PROC-005	Management Review Procedure	✅ Active	ISO 9.3 / CC1.2
PROC-006	Document Control Procedure	✅ Active	ISO 7.5 / CC1.4
PROC-007	HR Security Procedure	✅ Active	ISO A.6.x / CC1.4

Registers

ID	Document	Status
REG-001	Asset Register	✅ Active
REG-002	Risk Register	✅ Active
REG-003	Supplier Register	✅ Active

Framework-Specific

ISO 27001SOC 2

Document	Status
ISMS Scope	✅ Active
Statement of Applicability	✅ Active
Audit Schedule	✅ Active
Certification Roadmap	✅ Active

Document	Status
SOC 2 Overview	✅ Active
Trust Services Criteria	✅ Active
Control Activities	✅ Active
Readiness Roadmap	✅ Active

Auditor Quick Access

Document	Purpose
ISO 27001 / SOC 2 Control Mapping	See how controls align across frameworks
Evidence Index	Find all audit evidence in one place

---

ISMS at a Glance

OrganisationScopeCertification TargetsKey Contacts

• Legal entity: CTW Data Solutions GmbH
• Product: Quick-ID (quick-id.com)
• Employees: 1-10
• Infrastructure: Microsoft Azure (EU), GitHub, Google Workspace
• Customers: Global direct API customers

The ISMS covers all operations of CTW Data Solutions GmbH — including software development, cloud infrastructure, customer API access management, employee operations, and supplier relationships.

Framework	Target Date	Status
ISO/IEC 27001:2022	September 2026	🔄 In Progress
SOC 2 Type I	Q4 2026	📋 Planned
SOC 2 Type II	Q2-Q3 2027	📋 Planned

Role	Contact
Information Security Officer	CEO / Founder
Data Protection Officer (DPO)	Appointed DPO
Security incidents	security@quick-id.com

---

Compliance Dashboard

Metric	ISO 27001	SOC 2
Controls mapped	40 (Annex A)	52 (TSC)
Implemented	33 (83%)	48 (92%)
In progress	5	4
Policies	6 shared	6 shared
Procedures	7 shared	7 shared
Evidence artefacts	28 indexed	28 indexed

---

How to Edit This Documentation

1. Clone the repo: git clone https://github.com/CTWDataSolutions/ctw-iso27001
2. Edit any .md file in the docs/ folder
3. Preview locally: mkdocs serve
4. Commit and push — the site rebuilds automatically within ~2 minutes

Tip: Every change is version-controlled. You can always see who changed what and when via git log.

---

Classification

All documents in this repository are classified Confidential unless otherwise stated.

Level	Meaning
🔴 Top Secret	Government ID data, private keys, credentials
🟡 Confidential	ISMS docs, customer data, contracts, source code
🔵 Internal	Operational info for staff only
⚪ Public	Marketing, public API docs