The information security management system (ISMS) of Kugler Maag Cie has been certified under ISO 27001. The TÜV Nord German technical inspectorate has confirmed to the automotive electronics expert from Kornwestheim that its ISMS conforms with the very latest cybersecurity requirements, even on an organisational level. Kugler Maag Cie thus has official confirmation that it is operating its own ISMS successfully.
For customers of Kugler Maag Cie, the certificate means the best possible security and low resource investments. This is because TÜV Nord certification is like a third-party seal of approval, making a variety of things easier for customers in the future. For example, they will not need to conduct elaborate security checks before embarking on joint projects. “Our customers are particularly sensitive about topics like data processing – and understandably so: lots of development projects are confidential. That’s why we decided to pull on all levers and offer optimum information security. The TÜV audit now gives us signed and sealed certification – and we’re proud of it,” says Dr Thomas Liedtke, cybersecurity expert at Kugler Maag Cie.
As cybersecurity specialist at Kugler Maag Cie, Liedtke holds primary responsibility for the certification process at the company. For certification, he drew on insights gained while working on a large number of projects in the development departments of producers and suppliers. He was able to apply this experience directly to the processes at Kugler Maag Cie. Liedtke is an acknowledged expert in the field and shares the expertise of Kugler Maag Cie through his work with several industry committees.
The certification process started in early 2019 and lasted nine months in total. After conducting a gap analysis, Kugler Maag Cie pinpointed the areas it would still need to work on to gain approvals. A series of internal readiness checks then paved the way for a trial audit in July. For the final audit in September, the TÜV checked the instruments that had been introduced to secure information assets. As well as assessing how individual processes are documented, this also involved examining physical infrastructures at the company. The TÜV also conducted lengthy interviews on all key processes at the company involving human input.
Another widely used standard in the automotive industry is TISAX, which was derived from the ISO method and adapted to the requirements of the automotive sector. Kugler Maag Cie consciously opted for the version with the broader reach. Liedtke: “We do have a stronger emphasis on the automotive sector, but we also work with a number of other firms in electronics development. By using ISO 27001, we have a broader reach.” As an international standard, ISO 27001 is also recognised outside Germany.
ISO/IEC 27001 is a generally recognised international standard for introducing systems for managing information securely within organisations. It covers the requirements for installing, implementing, maintaining and continuously improving such a documented security system. This standard also defines how any threats to the security of information should be assessed and dealt with. As a result, new business partners will generally not need to conduct elaborate security checks on companies that are already ISO 27001-certified before embarking on collaborative projects.