Your secret’s safe at Krones
September 12, 2014 By Andrew Joseph
At Krones, clients’ data are in verifiably safe hands, and the group’s own know-how is also protected by an information security management system (ISMS), which has recently been validated by the TÜV South technical inspectorate.
Earlier this month, TÜV South’s MS Division chief executive officer Dr. Peter Schaff handed Krones a ISO/IEC 27001 certificate—a globally recognized standard for information security management.
Krones head of IM information security Dr. Thomas Nowey explains the certificate’s importance: “Inquiries from prominent clients regarding the firm’s security concept are becoming ever more frequent at Krones as well. Now we’ve been certified to an international standard, with our system’s quality having been officially confirmed for us and our clients.”
Information security management is a broadly diversified field ranging from raising staff and vendor awareness levels and protecting access to the company’s premises and its sensitive areas, all the way through to complex IT security architectures for protecting data.
Following various preliminary audits in 2013, TÜV South tested Krones’ security concepts in a Stage-One audit at the end of March 2014.
This was followed two months later by the certification audit with TÜV South’s experts verifying in Neutraubling, Freising and Rosenheim how well these concepts are being translated into procedural reality. Krones met all the requirements laid down in ISO/IEC 27001.
“Successful operation of the information security management system in conformity with ISO/IEC 27001 bears witness to the company’s up-to-the-future focus. To guard against the security risks of today’s IT scene, you need a systematic, structured approach, one that protects confidential data, assures the integrity of company data, and increases the availability of the IT systems concerned,” says Christian Erichsen, department head Customer Competence Center at the technical inspectorate TÜV SÜD Management Service GmbH.
“Industrial espionage is becoming progressively more professional. Criminal hackers are organizing themselves into veritable bands,” reports Nowey adding that assistance from outside is rising too, with government agencies like the German Federal Office for Information Security or the State Office for the Protection of the Constitution who send out precautionary warnings when they learn of cyber attacks against German companies.
“We then get information on the attack patterns concerned, trawl through our systems for them, and create appropriate defensive strategies before we are attacked,” states Nowey.
Besides the technical component, though, data security nowadays, thanks to the rapid pace of technological change towards the networked individual, has primarily a personal component as well.
“When our staff in any hotel of the world link up with the internet, with social networks or with a client’s system, they have to know how to deal with sensitive data,” relates Nowey, adding that central monitoring is necessary but solely central control has long since become impossible, particularly for a globally operating corporation like Krones.
“Twenty years ago, you could shut yourself off from the outside world in a digital fortress. With thousands of networked staff, however, our company meanwhile resembles not so much a castle with a moat and a drawbridge, but more of a metropolis with innumerable entries and data routes.”
Nowadays, almost no business process is possible without the support of information technology. Office IT and production IT are becoming increasingly convergent, also between manufacturers and customers.
“Initial approaches for developing Industry 4.0, such as creating harmonized platforms for a global remote service or more comprehensive backups of operating data and consumption figures from clients’ lines for purposes of predictive maintenance are meanwhile discernible. Krones is already making the requisite preparations for keeping pace with these new challenges, not least in regard to protecting sensitive data,” promises Nowey, a promise that extends beyond the ISO/IEC-27001 certification.
Image caption above: (L-R): Albert Bauer, Head of Quality Management at Krones AG, Dr. Thomas Nowey, Head of IM Information Security at Krones AG, Christian Erichsen, Department Manager Customer Competence Center at TÜV South, Holger Blumberg, Head of Information Management at Krones AG, Johannes Michl, IM Information Security at Krones AG, Prof. Dr. Peter Schaff, CEO MS Division at TÜV South, Christian Striegl, Vice President International Sales at TÜV South, and Volker Kronseder, Executive Board Chairman of Krones AG.