The ever-increasing interconnection of business processes and the growing use of digital information processing pose a major challenge for companies today: they must continuously adapt their information security measures to new and constantly growing risks.
In order to sustainably increase its information security and at the same time strengthen the trust of its customers and partners, the bike leasing provider Bikeleasing-Service decided to implement an information security management system (ISMS) in accordance with ISO 27001.
The ISMS consulting and development project, which was supported by Anna Sophie Tobaben and Maximilian Müller of usd AG, was launched in January 2024 and successfully completed in February 2025.
A broad scope for substantial benefits
The green light for the implementation of the ISMS at Bikeleasing was given in January 2024 with one of the most important and challenging decisions of the entire project: defining the scope. At the outset, the question arose as to whether all areas of the company should be included directly in the scope or whether only selected areas should be certified initially to reduce initial efforts.
Bikeleasing opted for a holistic approach: the entire company - including all sites in Germany and Austria - was included in the scope of the ISMS. This decision was made not only for strategic reasons, but above all out of conviction.
We made a conscious decision to include the entire company in the scope – not just for the certification, but because we wanted to achieve the greatest possible benefit for our information security. An ISMS only achieves its full potential when it is implemented throughout the entire company. This allows all areas to benefit from uniform processes, clear responsibilities, and a holistic awareness for security.
Michael Maretzke, Group Chief Technology Officer, Bikeleasing-Group
Pedaling together: Information security as a team effort
A functioning ISMS can only be fully effective if all employees are involved – from management and information security officers to every single person in the company. At Bikeleasing, it was therefore clear from the start that information security is not the responsibility of individuals, but a joint effort.
The project team therefore placed great importance to getting all employees on board at an early stage and raising their awareness of the issue. Through targeted training, interactive awareness campaigns, and regular communication measures, information security was anchored as an integral part of the corporate culture. The aim was not only to communicate rules, but also to consolidate a genuine understanding of the importance of information security.
For Bikeleasing, this is not a static goal, but a continuous process that is supported by everyone. Or as Florian Lenz, Information Security Manager at Bikeleasing, puts it: “We see information security as a joint cycling race in which every team member actively helps to get to the top of the podium.”
Committed stakeholders as the key to success
The success of an ISMS depends largely on how well processes, roles, and responsibilities are anchored in the company - and whether all those involved not only understand them but also actively support them. Bikeleasing has lived by this principle from the very beginning. Even in the early stages of the project, there was a high level of commitment: employees asked questions and showed great interest in providing the best possible support for the development of the ISMS.
In targeted webinars, the newly developed ISMS processes were presented, protection requirements for assets were determined, and clear measures for risk treatment were developed. The project team attached great importance to ensuring that all participants understood their roles and responsibilities in the system. This early involvement of employees ensured that the processes not only existed in theory but were also actively applied in everyday life.
The motivation and openness of Bikeleasing employees toward the topic of information security was impressive. From the very beginning, they actively contributed to supporting the project - this makes collaboration really enjoyable.
Anna Sophie Tobaben, Security Consultant, usd AG
More than just information security: Optimizing internal processes
The implementation of the ISMS at Bikeleasing not only had a positive impact on information security but also delivered tangible added value for processes outside the ISMS in various other areas of the company. The establishment of new processes and the simultaneous revision of existing ones benefited the human resources and IT departments in particular:
Clearly defined responsibilities and uniform documentation of processes and information assist employees in their daily work. The guidance reduced the risk of individual steps in workflows being overlooked or carried out differently. In addition, the documentation of these processes ensures that knowledge is not only held by individuals. As a result, processes within the respective departments are always transparent and accessible to all authorized individuals. This facilitates collaboration, ensures consistent implementation, and enables more efficient workflows.
This positive side effect of the ISMS forms a solid foundation for continuous improvement and shows that an ISMS goes far beyond mere compliance: it not only strengthens information security but also promotes the sustainable optimization of business processes - and makes it clear that information security is not a hindrance, but rather a driver for sustainable improvements throughout the entire company.
Successful audits and ISO 27001 certification
After concluding the implementation phase, a colleague who was not involved in the project conducted an internal audit at Bikeleasing. All implemented ISMS processes, guidelines, and measures were thoroughly reviewed to ensure that they met the requirements of ISO 27001 and were being effectively implemented within the company.
This was followed by an external audit conducted by TÜV Rheinland as an independent certification body. Here, too, Bikeleasing's ISMS proved convincing. On 30 May 2025, Bikeleasing was officially awarded the ISO 27001 certificate - a significant milestone that confirms the successful establishment of the ISMS and the strong commitment of all stakeholders.
In just twelve months, we as a team have brought our information security management up to ISO 27001 level - a strategic milestone and a strong signal of trust to our customers. This certification shows that technological excellence and information security go hand in hand at our company.
Michael Maretzke, Group Chief Technology Officer, Bikeleasing-Group
Sustainable added value for everyday work
The certification has led to a clear commitment at Bikeleasing to take a holistic and responsible approach to information security. With its comprehensive process certification, Bikeleasing not only stands out from the competition, but has also further strengthened its foundation for sustainable, scalable, and secure business processes. The positive changes and benefits are also clearly noticeable in everyday work:
Since its successful certification, it has become clear that the ISMS is not only formal confirmation of our already high information security standards but also provides real added value for our daily work. Our customers and partners can now rely on an internationally recognized level of security - and we can clearly feel this trust: inquiries about IT security, data handling, or internal processes have decreased measurably.
Michael Maretzke, Group Chief Technology Officer, Bikeleasing-Group
About the Bikeleasing-Service:
Since 2015, Bikeleasing-Service has been one of the leading providers in the field of company bike leasing. The company stands out from the competition not only because it leases bikes, but also because it offers an impressive comprehensive service package. In particular, its in-house claims department and extensive insurance coverage set new standards in customer service. This concept has been very well received: over 80,000 companies with more than 4 million employees in German-speaking countries already rely on the services of Bikeleasing-Service. Thanks to a constantly growing network of over 7,700 local Bikeleasing partner dealers and selected online retailers, customers can conveniently choose their personal company bike. The company's locations in Uslar, Vellmar, Berlin, Munich, Freiburg, Landshut, and Innsbruck currently employ over 500 company bike enthusiasts.
Find out more at: bikeleasing.de
