IT Security at N&M
Successful Certification to ISO/IEC 27001 and Participation in TISAX Assessment
Neumann & Müller Veranstaltungstechnik (N&M) has had its information security management system certified to the internationally recognised ISO/IEC 27001 standard. This guarantees that N&M ensures the confidentiality, integrity and availability of information by means of appropriate measures. The automotive industry’s TISAX standard has similar aims: the label provides further verification that, in its role of contractor, N&M provides a high level of protection in the field of data security. By complying with these standards, the company is underlining its role as a trailblazer within the sector.
Companies working for the automotive industry need to provide manufacturers with verification of their information security activities. In the past, suppliers underwent corresponding security tests for every single manufacturer (OEM). Thanks to TISAX – the abbreviation stands for “Trusted Information Security Assessment Exchange” – one verification is now sufficient for all manufacturers. This standard for information security in the automotive industry is accepted across national boundaries and throughout the sector. N&M underwent an assessment that proves the company can provide the required level of protection in information security. This verification helps to establish trust among clients and partners – particularly in high-tech sectors like automotive, pharma, machine building and finance. In all of these industries, information security and the protection of confidential content are increasingly becoming decisive criteria when it comes to awarding contracts. Following the Assessment Report, N&M is now registered in the ENX Association’s* database, where all OEMs can view the validity of their suppliers’ status, which is updated on a daily basis. N&M has worked for the sector for many years now, realising technical concepts for trade fair presences and corporate events, for example.
N&M has also been certified to ISO 27001. This international standard specifies the requirements a corporate organisation has to meet to establish an effective “information security management system” (ISMS). The ISMS applies to the planning and execution of events – in other words, the entire core of N&M’s services. This includes implementing, operating and monitoring as well as inspecting, updating and continuously improving the system. The goal of the standard is to ensure the confidentiality, integrity and availability of information by means of appropriate security measures. In concrete terms, this means developing and establishing policies, determining roles and responsibilities, managing physical and digital IT resources and ensuring effective risk management. Further requirements include security checks, training in security awareness, handling security incidents and ongoing monitoring and improvement of security measures.
At N&M, the ISMS is fully integrated into the company’s existing management systems for quality assurance, environmental protection and occupational health and safety. The initial basis for today’s system was created 30 years ago when the enterprise established its internal IT department. The beginning of the current decade saw further investment in the resilience and availability of the systems. As N&M managing director Christoph Rupieper explains: “Nowadays information security is an integral part of day-to-day corporate culture. It means our clients can be sure of complete security along the entire event value chain – from initial planning to implementation on site. It’s like the technical equipment behind the stage: often invisible but essential in ensuring that everything runs smoothly. Our ISMS sends a clear signal about the importance we attach to security and responsibility.”
* About ENX ASSOCIATION
Founded in 2000, ENX Association is an organization consisting of automobile manufacturers, suppliers and four national automotive associations. The aim is to enable and simplify secure and trustworthy collaboration over industrial value-added networks. With its association structure, ENX is the initiator and governing body of common standards and interoperable services that are based on these standards. ENX acts as a neutral governance and escalation authority as well as a driver of ongoing development for the users. The ENX Association uses the TISAX registered trade mark on behalf of the German Association of the Automotive Industry (VDA).
Source: ENX.com





