Today, solid information security brings far more advantages for companies than simply securing the technical infrastructure. Entire business processes now depend significantly on it - whether it is the secure handling of sensitive data or the legally compliant processing of the same. That is why the term now encompasses the protection of the entire flow of information. Automotive supplier Mubea succeeded in standardizing information security in ten European countries through their DQS certification according to ISO 27001, thus positioning themselves well against the competition. Potential IT risks and the handling of confidential information were scrutinized and continuously improved and developed.

Loading...

Information security in ten countries brings competitive advantages

Globalization presents many companies with enormous challenges when it comes to information security. The infrastructure and legal regulations differ in some cases massively in the individual countries. Nevertheless, globally active companies are obliged to uncover vulnerabilities everywhere and establish suitable protective measures. This is because the digitization of business processes across national borders requires a comparable level of IT security from all parties involved, which must be guaranteed across the entire value chain.

In the automotive industry, too, the security of data and information requiring protection is becoming increasingly important when it comes to international collaboration between different locations, subsidiaries or service providers. Automotive supplier Mubea faced the major hurdle of wanting to raise the level of IT security to the same level in ten countries with a total of 20 subsidiaries.

Corporate information security in companies - An edge that customers pay attention to

Years ago, the lightweight construction specialist for body, chassis and powertrain began to take a close look at information security: "Our customers increasingly anchored the topic in their purchasing conditions. And in order to remain well positioned among the competition, we wanted to act quickly," reports Christiane Habbel, Head of IT - Information Security & Compliance at the company. But that wasn't the only reason: "We strive to constantly improve our management system for information security anyway and to sensitize our employees to the topic. So in 2017, we decided to have certification carried out in accordance with the recognized ISO 27001 standard. This helps us enormously in this endeavor," says Habbel.

Loading...

ISO 27001 - Certification brings advantages

ISO 27001 is an international standard for information security for private, public or non-profit organizations. The standard describes the requirements for setting up, implementing, operating and optimizing a documented information security management system (ISMS). The certification is always adapted to the circumstances of the respective company and takes individual specifics into account.

In addition to the topic of information security, the standard is particularly concerned with the analysis and handling of the associated risks. For companies, it thus offers a systematically structured approach to protecting the integrity of operational data and its confidentiality. At the same time, it ensures the availability of the IT systems involved in corporate processes. Certificates according to the globally recognized standard are generally valid for three years. However, with a view to continuous improvement and the ongoing effectiveness of the management system, a monitoring audit is carried out annually.

TISAX® - Assessments for the automotive sector

It is true that TISAX® (Trusted Information Security AssessmentExchange), a standard for information security defined by the automotive industry, has been in existence since 2017 and is thus another certification option that many automotive manufacturers and suppliers now require from business partners. However, TISAX® is a European standard for the industry and not yet established globally.

"That didn't go far enough for us," Habbel recalls. That's why the Attendorn-based company initially opted for ISO 27001 certification to give it a competitive edge in terms of information security.

Double certification by DQS

With this decision in mind, Mubea set out to find a suitable partner and decided on DQS without further ado.

habbel-christiane-quelle-mubea
Loading...

We came across DQS relatively quickly during our research and found out in an initial meeting that we were a very good match.

Christiane Habbel Head of IT - Information Security & Compliance at Mubea

To this end, the DQS auditors first examined the functioning of the information security management system (ISMS) on site. In addition, for ISMS certification, Mubea had to demonstrate successful interaction of the basic values of information security: Confidentiality, Integrity and Availability. Potential IT risks or processes endangering information security were listed and optimized in this context. "The cooperation with DQS was very practical and customer-oriented. We benefited greatly from the in-depth industry knowledge of the auditors, who supported us in all aspects," says Habbel. "This is true for both ISO 27001 and TISAX® certification."

Europe-wide corporate information security

With the help of DQS, however, Mubea has not only succeeded in optimizing the security of sensitive data and information at its headquarters. With the help of DQS, the company has also raised 20 subsidiaries at ten locations in Europe to a new level of security and established a common security standard.

Mubea can now reliably document its own information security to customers and partners with the two certificates. This gives the automotive supplier a competitive advantage in the market, Habbel states: "With ISO 27001, we have not only brought a high security standard into the company throughout Europe. We also protect ourselves against cyber attacks from outside and have been able to sensitize our employees to the security of our confidential corporate assets. Because information security is much more than just IT security. Now, however, we are not standing still. Key components of our management system are audited annually in order to achieve further improvements. The already very good level of our information security is thus continuously evolving."

Loading...

Facts, data, figures

The Mubea Group of Companies is the global market leader in terms of the development and production of complex automotive components that lead to a reduction in the weight of vehicles and contribute to improved environmental protection through reduced CO2 emissions. The owner-managed family business from Attendorn focuses on technical innovations and operational excellence. It is driven by the ambition to be sustainably among the top 100 global automotive suppliers.

The product range includes chassis components such as axle springs, stabilizers, fiber composite springs and precision steel tubes, as well as engine components such as valve springs, automatic belt tensioning systems and spring band clamps, and also transmission components such as drive shafts and transmission plate springs. The subsidiary Mubea Flamm also develops and manufactures components and assemblies for the aerospace and household appliance industries.

Information security management system in accordance with an international standard

The internationally recognized ISO 27001 standard for information security management systems (ISMS) applies worldwide. It provides organizations of all sizes and industries with a framework for planning, implementing and monitoring information security. There is more to it than just the aspects of IT security. Of particular practical value is the implementation of the measures in Annex A of the standard.

The standard requirements are generally applicable and apply to private and public companies as well as non-profit institutions. With regard to data protection and the secure handling of personal data with integrity, ISO 27701 is a useful addition to the standard.

How you can benefit from an ISMS

By systematically setting up and implementing a process-oriented ISMS (information security management system) in accordance with ISO 27001, companies achieve decisive advantages, for example:

  • Protection of confidential information against misuse, loss and disclosure as an integral part of the company's processes
  • Sensitization of employees: threats within the company are reliably detected and reduced
  • Adherence to relevant compliance requirements, more action and legal certainty
  • Creation of trust among customers, business partners and the general public
  • Increased competitiveness
  • Optimization of process and IT costs

The standard is available from the ISO website:
ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems - Requirements 

DQS: Simply leveraging Quality.

DQS specializes in audits and certifications for management systems and processes. With the experience of more than 35 years and the expertise of 2,500 auditors, the company headquartered in Frankfurt am Main, Germany, is a competent partner for management. We audit according to around 200 recognized standards and regulations or according to your company-specific specifications - regionally, nationally and internationally.

Impartiality and objectivity are essential elements for us when conducting audits and certifications. And this applies not only to the normative areas, but also to the performance of all audit activities.

We would be happy to help you if you would like to have the information security management system (ISMS) of your company or organization certified.

iso 27001-annex-a-dqs employee looks at laptop in it environment
Loading...

Certification according to ISO 27001

We show you what effort and costs you should expect for a certification of your information security management system. Get information free of charge and without obligation.

Author
André Saeckel

Product manager at DQS for information security management. As a standards expert for the area of information security and IT security catalog (critical infrastructures), André Säckel is responsible for the following standards and industry-specific standards, among others: ISO 27001, ISIS12, ISO 20000-1, KRITIS and TISAX (information security in the automotive industry). He is also a member of the ISO/IEC JTC 1/SC 27/WG 1 working group as a national delegate of the German Institute for Standardization DIN.

Loading...
<p>DQS Standard Expert Information Security</p>