Today, solid information security brings far more advantages for companies than simply securing the technical infrastructure. Entire business processes now depend on it significantly - whether it is the secure handling of sensitive data or the legally compliant processing of the same. That is why the term now encompasses the protection of the entire flow of information. Automotive supplier Mubea succeeded in standardizing information security in ten European countries through their DQS certification according to ISO 27001, thus positioning themselves well against competitors. Potential IT risks and the handling of confidential information were investigated, continuously improved, and developed.
- Information security in ten countries brings competitive advantages
- Corporate information security - An edge that customers pay attention to
- ISO 27001 - Certification brings advantages
- TISAX® - Assessments for the automotive sector
- Double certification by DQS
- Europe-wide corporate information security
- Information security management system according to an international standard
- DQS: Simply leveraging Quality.
Information security in ten countries brings competitive advantages
Globalization presents many companies with enormous challenges when it comes to information security. The infrastructure and legal regulations in some cases differ widely in the individual countries. Nevertheless, globally active companies are obliged to implement an effective vulnerability management system and establish suitable protective measures. This is because the digitization of business processes across national borders requires an equal level of IT security from all parties involved, which must be guaranteed across the entire value chain.
In the automotive industry, additionally, the security of data and information requiring protection is becoming increasingly important when it comes to international collaboration between different locations, subsidiaries, or service providers. Automotive supplier Mubea faced the major hurdle of raising IT security to the same level in ten countries with a total of 20 subsidiaries.
Corporate information security in companies - An edge that customers pay attention to
Years ago, the lightweight construction specialist for body, chassis, and powertrain began to take a close look at information security: "Our customers increasingly anchored the topic in their purchasing conditions. And in order to remain well positioned among the competition, we wanted to act quickly," reports Christiane Habbel, Head of IT - Information Security & Compliance at the company. But that wasn't the only reason: "We strive to constantly improve our management system for information security anyway and to sensitize our employees to the topic. So in 2017, we decided to have certification carried out in accordance with the recognized ISO 27001 standard. This helps us enormously in this endeavor," says Habbel.
ISO 27001 - Certification brings advantages
ISO 27001 is an international standard for information security for private, public, or non-profit organizations. The standard describes the requirements for setting up, implementing, operating, and optimizing a documented information security management system (ISMS). The certification is always adapted to the circumstances of the respective company and takes individual specifics into account.
In addition to the topic of information security, the standard is particularly concerned with the analysis and handling of the associated risks. For companies, it thus offers a systematically structured approach to protecting the integrity of operational data and its confidentiality. At the same time, it ensures the availability of the IT systems involved in corporate processes. Certificates according to the globally recognized standard are generally valid for three years. However, with a view to continuous improvement and the ongoing effectiveness of the management system, a monitoring audit is carried out annually.
TISAX® - Assessments for the automotive sector
TISAX® (Trusted Information Security Assessment Exchange), a standard for information security defined by the automotive industry, has been in existence since 2017 and is another certification option that many automotive manufacturers and suppliers now require from business partners. However, TISAX® is a European standard for the industry and not yet established globally.
"That didn't go far enough for us," Habbel recalls. That's why the Attendorn-based company initially opted for ISO 27001 certification to give it a competitive edge in terms of information security.
Double certification by DQS
With this decision in mind, Mubea set out to find a suitable partner and decided on DQS without hesitation.
We came across DQS relatively quickly during our research and found out in an initial meeting that we were a very good match.
To this end, the DQS auditors first examined the functioning of the information security management system (ISMS) on site. In addition, for ISMS certification, Mubea had to demonstrate successful interaction of the basic values of information security: Confidentiality, Integrity, and Availability. These are the three protection goals of information security.
Potential IT risks or processes endangering information security were listed and optimized in this context. "The cooperation with DQS was very practical and customer-oriented. We benefited greatly from the in-depth industry knowledge of the auditors, who supported us in all aspects," says Habbel. "This is true for both ISO 27001 and TISAX® certification."
Europe-wide corporate information security
With the help of DQS, Mubea has not only succeeded in optimizing the security of sensitive data and information at its headquarters. The company has also raised 20 subsidiaries at ten locations in Europe to a new level of security and established a common security standard.
Mubea can now reliably document its own information security to customers and partners with the two certificates. This gives the automotive supplier a competitive advantage in the market, Habbel states: "With ISO 27001, we have not only brought a high security standard into the company throughout Europe. We also protect ourselves against cyber attacks from outside and have been able to sensitize our employees to the security of our confidential corporate assets. Because information security is much more than just IT security. Now, however, we are not standing still. Key components of our management system are audited annually in order to achieve further improvements. The already very good level of our information security is thus continuously evolving."
Facts, data, figures
The Mubea Group of Companies is the global market leader in terms of the development and production of complex automotive components that lead to a reduction in the weight of vehicles and contribute to improved environmental protection through reduced CO2 emissions. The owner-managed family business from Attendorn focuses on technical innovations and operational excellence. It is driven by the ambition to be sustainably among the top 100 global automotive suppliers.
The product range includes chassis components such as axle springs, stabilizers, fiber composite springs, and precision steel tubes, as well as engine components such as valve springs, automatic belt tensioning systems, and spring band clamps, and also transmission components such as drive shafts and transmission plate springs. The subsidiary Mubea Flamm also develops and manufactures components and assemblies for the aerospace and household appliance industries.
Information security management system in accordance with an international standard
The internationally recognized ISO 27001 standard for information security management systems (ISMS) applies worldwide. It provides organizations of all sizes and industries with a framework for planning, implementing, and monitoring information security. There is more to it than just the aspects of IT security. Of particular practical value is the implementation of the controls in Annex A of the standard.
The standard requirements are generally applicable to private and public companies as well as non-profit institutions. With regard to data protection and the secure handling of personal data with integrity, ISO 27701 is a useful addition to the standard.
How you can benefit from an ISMS
By systematically setting up and implementing a process-oriented ISMS (information security management system) in accordance with ISO 27001, companies achieve decisive advantages, for example:
- Protection of confidential information against misuse, loss and disclosure as an integral part of the company's processes
- Sensitization of employees: threats within the company are reliably detected and reduced
- Adherence to relevant compliance requirements, more action, and legal certainty
- Creation of trust among customers, business partners, and the general public
- Increased competitiveness
- Optimization of process and IT costs
The standard is available from the ISO website:
ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems - Requirements
The revised version ISO/IEC 27001:2022 was published on October 25, 2022. We will continue to add information about the changes as it becomes available.
DQS: Simply leveraging Quality.
DQS specializes in audits and certifications for management systems and processes. With more than 35 years of experience and the expertise of 2,500 auditors, the company headquartered in Frankfurt, Germany, is a competent partner for management. We audit according to around 200 recognized standards and regulations or according to your company-specific specifications - regionally, nationally, and internationally.
Impartiality and objectivity are essential elements for us when conducting audits and certifications. And this applies not only to the normative areas, but also to the performance of all audit activities.
We would be happy to help you if you would like to have the information security management system (ISMS) of your company or organization certified.