The Prinz-Mayweg Group has been supplying precision steel tubes to the automotive industry for over 100 years, and it has been meeting its customers' high quality standards for just as long. Today, automotive manufacturers require special certifications from their suppliers. The Prinz-Mayweg Group prepared and carried out the complex certification process in the area of IT security with otris software.
Car manufacturers have always had to protect themselves against espionage, sabotage and data theft. With the introduction of digital systems, this challenge increased. The more complex the systems became in recent years, the more effort was needed to protect them. However, car manufacturers do not only use their information assets (e.g. design drawings) internally, but also pass them on to their suppliers as required. The manufacturers therefore have a great interest in ensuring that their suppliers also operate a functioning IT security system.
IT Security Standards in the Automotive Industry
In the automotive industry, there are special standards (e.g. TISAX®) that suppliers use to prove that they operate an effective information security management system (ISMS). The auditing in the area of IT security is tailored to the requirements of the automotive industry and has become a kind of knock-out criterion for suppliers: without the required certificates, no orders.
The Prinz-Mayweg Group formed its own competence team, located in Group Data Protection, to tackle the certification process in the area of IT security. The challenge: in order to be ready for the audit, and to take advantage of a group assessment across the group structure, an information security management system (ISMS) according to ISO/IEC 27001 had to be implemented centrally and function smoothly.
Selecting special software
The Prinz-Mayweg Group has been using the special data protection software otris privacy for years. The addition of an ISMS module to the software came in very handy for the competence team: “We did look at other products, but quickly realised that otris was the right choice. The deciding factor was not only the familiar user interface, but also the fact that otris has been established and reliable for many years.”
External consultant completes the team
The competence team engaged an external consultant from T-Systems MMS to be optimally prepared for the certification process. One of the first steps was to configure the specialised ISMS solution for the project together with otris consulting. The otris ISMS software already contains the catalogues for certification according to ISO/IEC 27001 and ISO 27001 based on the BSI’s IT basic protection compendium. “Integrating the catalogue for the special requirements in the automotive industry was possible without much effort. We liked that,” the team members report.
Prepare certification
The substantive work began with a gap analysis. Together with the external consultant, the project team determined the current state of the IT security system and checked it for strategic and operational gaps. The otris ISMS was used for the concrete preparation for certification: the special software is used to document the current state of the IT security system. A network plan makes transparent which processes and information assets are interdependent. The integrated risk analysis functions determine the need for action and link measures for optimisation.
The software makes it transparent where the Prinz-Mayweg Group stands and what needs to be done. During the operational work, the project team liked, among other things, the uncomplicated integration of external service providers: “We send an email with a link to the corresponding checklists to the service provider. After he has filled them out, the data is automatically transferred to the software.”
The result
At the end of the certification project, more than 180 individual documents with process descriptions were clearly structured and interlinked in the ISMS. The need for measures was determined and the implementation organised. Even all staff training on IT security is conducted using the system’s e-learning functions. With the group so well positioned, it was perhaps not surprising, but still a great relief, when the auditors announced the result: Präzisionsrohre Friedr. Wilhelm Mayweg GmbH & Co. KG passed the audit! “We are pleased to have successfully passed the certification! The ISMS software from otris was a great help during the preparation. And currently it helps us with the continuous testing and optimisation of our IT security”, summarises the project manager.
About the Prinz-Mayweg Group
For more than 100 years, the Prinz-Mayweg Group has been processing precision steel tubes for customer-specific applications in industry and trade. The traditional company with headquarters in Wickede, which has been owner-managed since its foundation in 1896, stands for precision, innovative content and excellent quality in the creation and processing of high-quality steel tubes and steel tube components. This performance strength and the associated symbiosis of tradition and modernity can be found, among other things, in the unique product diversity, the innovative production methods and the extraordinary vertical range of manufacture.