Security for your Data

TISAX certification and many other measures

As our customer, you entrust us with one of your most valuable resources – your data. We can’t write documents for you unless we receive detailed information about your products and services. At the beginning of each customer relationship, we sign a confidentiality agreement – all well and good. And then what? What is "secure" and how do we ensure the security of your data?

Here we give you a little insight into our activities, knowing that there will never be complete protection and that we, like all other companies, have to struggle daily with a variety of attacks from across the internet. Defending against them requires increasingly sophisticated techniques, but also resources that we would certainly prefer to use in other, more productive areas.

In addition to the backups that we perform daily, there’s our external backup data centre, which we operate in parallel with our data centre in Kempen, Germany. Here, we maintain sufficient IT resources to ensure that we’re still able to work – even if the server operation in Kempen is affected by massive damage. This data centre boasts modern access protection, emergency power generators and redundant network connections. Our database is synchronised daily between the two data centres, and for financial reasons, we’ve decided against a "hot standby" solution. In order to activate the backup server room, administrative intervention is necessary; the downtime in the worst case scenario is about one day.

The view from the outside

In addition, what you do can be validated by external experts. The motto is: "Battle of the rose-coloured glasses". We recently did just that and asked an external testing institute to examine the "intrusion resistance" of our IT structures. Essential aspects of this review were:

  • Application vulnerabilities (outdated software, insecure encryption methods, insecure protocols)
  • Analysis of server communication (Are connections established to suspicious systems? Are there errors in the firewall configuration?)
  • Are employees calling up problematic services on the Internet? (Is there an increased risk of infection by malware?)

The result was reassuring: there were (almost) no problems. From the auditors' point of view this is an extremely rare finding; for us, it is both a pleasure and a task. We're working on eliminating the residual risks that were found, minor as they are.

Finally, there is a certification with the beautiful name: TISAX (Trusted Information Security Assessment Exchange). TISAX is an information security standard, defined by the automotive industry. Since 2017, a large number of automotive manufacturers and suppliers to the German automotive industry have required their business partners to carry the TISAX certification.

The member companies of the German Association of the Automotive Industry e. V. (VDA) have compiled a catalogue that has been derived from the international industry standard ISO/IEC 27001 and has been adapted to the requirements of the automotive world.

We’ve received the certification for the level "high" (confidential) and have therefore taken all possible measures to be able to process and translate the documents marked in this manner.

These are all small, but important steps towards implementing our quality and safety philosophy, which in the end should only create one thing: your trust in our work.

Author: Manuel Welter