Quality & Security

In a nutshell: Our guidelines for information security.

  • We protect any kind of information.
  • We are aware of the problems and importance of security and the protection of information.
  • We respect our customers who entrust us with valuable information.
  • We treat the protection of information not as an ‘annoying must’ but with an understanding of the consequences that inadequate protection may have.
  • We scrutinize and check our information security regularly and in response to specific events, and we try to improve it continuously.

What does Information Security mean to us?

Information security aims to protect any kind of information. The more commonly used term IT security aims, according to the definition of information technology, to protect information that is available only in digitized form. It is therefore a rather narrow definition that does not meet the demand for comprehensive security of all kinds of information. Consequently, we use the term information security, because we want to protect any kind of information.

What is ISO/IEC 27002?

The title of ISO/IEC 27002 is "Information technology – Security techniques – Code of practice for information security management". It gives recommendations for the safe use of information and in particular for the protection of information against unauthorized access. It thus contributes to the legitimate need to protect your information.

Certification to this standard is not possible; certification is instead possible under the related standard ISO/IEC 27001.

The standards emerged from the guidelines and procedures that the BSI (Bundesamt für Sicherheit in der Informationstechnik) has developed. On the website of the BSI, these methods can be found with detailed explanations and background information.

ISO/IEC 27002 includes the following topics:

  • Instructions and guidelines for information security
  • Organizational safety measures and management process
  • Responsibility and classification of information values
  • Personnel security
  • Physical security and public utility services
  • Network and operational security (data and telephony)
  • Access control
  • System development and maintenance
  • Handling of security incidents
  • Emergency precaution planning
  • Compliance with legal requirements and security guidelines, and reviews by audits.

How we were examined by an external company

Volkswagen requested an evaluation of information security at C&S because, during our cooperation, we receive information about secret and confidential processes, products and information.

The assessment is based on standards and guidelines:

  • Requirements of VDA: Information Security Assessment VDA (based on ISO/IEC 27001)
  • VW guideline: IT security guidelines for partner companies
  • VW guideline: Prototype security (basic safety standards for co-developers for the protection of prototypes, components and their data).

The company operational services was commissioned to carry out the assessment.

The assessment is done in several steps:

  1. Analysis of the current situation (structures, processes, interfaces).
  2. Comparison of the determined actual state with the target ‘ideal’ situation; the ideal situation is described in the above-mentioned standards and guidelines.
    The comparison is done by document analysis, interviews and on-site investigation.
  3. Definition of measures as the key to improvement: future-oriented improvement of processes and security.

The assessment and, where necessary, the implementation of the defined measures conclude with the release of the secret data.

This release is valid for a maximum of 3 years. A ‘re-assessment’ takes place no later than the expiration date.

On September 29, 2014, the release of secret data was given to us.

News

Successful assessment of our QM system.

On March 10, 2017, we had a representative of the DAkks in our house, who has carried out a monitoring report on our cur


We were at the "Automotive Ethernet Congress" on the 7th of February 2017

This year, the "Automotive Ethernet Congress" took place at the Hilton Munich Park near the English Garden in Munich. Like la


Presentation at the iCC in Nuremberg on March 8, 2017

On Wednesday, March 8th, 2017, our employee, Christoph Wosnitza, gave a presentation on "Interoperability challenges for
