Quality & Security

In a nutshell: Our guidelines for information security.

  • We protect any kind of information.
  • We are aware of the problems and importance of security and the protection of information.
  • We respect our customers who entrust us with valuable information.
  • We operate the protection of information not as an ‘annoying must’ but with the understanding of the consequences that inadequate protection may have.
  • We scrutinize and check our information security regularly and event-related and try to improve them on and on.
c&s group GmbH Konformitätstest Testhaus Testsysteme

What does Information Security mean to us?

With the help of information security, any kind of information should be protected. The more often used term IT security has, according to the definition of information technology, the aim to protect information that are only available in digitized form. Therefore, it is basically a rather narrow definition which does not cope with the claims to a comprehensive security of all kinds of information. Consequently, we use the term information security because we would like to protect any kind of information.

What is ISO/IEC 27002?

The title ISO/IEC 27002 is Information technology – Security techniques – Code of practice for information security management and it gives recommendations for the safe use of information and in particular for the protection of information against unauthorized access. It thus contributes to the legitimate need to protect your information.

A certification to this standard is not possible but can be made by the related standard ISO/IEC 27001.

The standards emerged from the guidelines and procedures that the BSI (Bundesamt für Sicherheit in der Informationstechnik) has developed. On the website of the BSI, these methods can be found with detailed explanations and background information.

ISO/IEC 27002 includes the following topics:

  • Instructions and guidelines to information security
  • Organizational safety measures and management process
  • Responsibility and classification of information values
  • Personnel security
  • Physical security and public utility services
  • Network and operational security (data and telephony)
  • Access control
  • System development and maintenance
  • Handling of security incidents
  • Emergency precaution planning
  • Compliance of legal requirements, security guidelines and reviews by audits.

As we were examined by an external company.

Volkswagen requested an evaluation of information security at C&S because during our cooperation we get information about secret and confidential processes, products and information.

The assessment is based on standards and guidelines:

  • Requirements of VDA: Information Security Assessment VDA (based on ISO/IEC 27001)
  • VW guideline: IT security guidelines for partner companies
  • VW guideline: Prototype security (basic safety standards for co-developers for the protection of prototypes, components and their data).

The company operational services was authorized with the realization of the assessment.

The assessment is done in several steps:

  1. Analysis of the current situation (structures, processes, interfaces).
  2. Comparison of the determined actual state with the ‘ideal’ situation as an aim; the ideal situation is described in the above mentioned standards and guidelines.
    A comparison is done by document analysis, interviews and on-site investigation.
  3. Definition of measures as a key for the improvement – future-oriented improvement of processes and the security.

At the end of the assessment and, where necessary, the implementation of defined measures, is the release of the secret data.

This release is valid for a maximum of 3 years. No later than at the expiration date, a ‘re-assessment’ occurs

On September 29, 2014, the release of secret data was given to us.

News

Exhibition at the IEEE Ethernet & IP @ Automotive Technology Day, 9-10 October 2018 in London

There were more than 300 attendees, we’ve had great opportunities to discuss with customers and technical experts abou

Read More

Japanese carmakers increasingly interested in C&S testing services!

Our partner, ADaC, presents our services at the AUTOMOTIVE WORLD, 5-7 September 2018 in Nagoya!

Read More

We Are Testing the Future Right Now!

Visit our booth number 22 at the IEEE Ethernet & IP @ Automotive Technology Day, 9-10 October 2018 in London...

Read More
Load More News

Copyrighted Image

By continuing to use the site, you agree to the use of cookies Further information

Our website uses so-called cookies. These are small text files that are stored on your device by the browser. They do not cause any damage.

We use cookies to make our website more comfortable for you to use.
Some cookies remain stored on your device until you delete the cookies. They allow us to recognise your browser on your next visit. If you do not want this, you can set up your browser in such a way that you are notified about the setting of cookies and you can only permit this from case to case:

Netscape, Mozilla, Firefox: -> Edit -> Settings -> Advanced -> Cookies

Disabling cookies may limit the functionality of our website.

Close