Playing it safe
Interview with the DACHSER IT safety advisor Christian von Rützen.
Why did DACHSER have its central IT services certified according to ISO 27001?
We thought of our customers first and foremost with regard to the certification. They not only transfer their data to us, they also trust that we handle their sensitive business information in a responsible manner. As an international logistics service provider, we must meet the information security requirements and must also be able to substantiate this accordingly. ISO 27001 is the internationally recognized standard for information security; everyone speaks the same language here. The ISO certification clarifies: Data is in safe hands with DACHSER.
Optimization and efficiency are additional reasons for ISO certification. Even 10 years after establishing IT security, we want to continually refine our technology and processes. Furthermore, the certificate simplifies normal audit processes by auditors, certifications such as AEO and more.
How important is information security to logistics?
It is important to such a degree that the global security concept is inquired from nearly every new business transaction and also with existing customers in the context of audits with a catalog of questions. It is also important to know that a large portion of order data is transmitted electronically today - with increasing tendency. Customers know that their own processes are dependent on the availability of the DACHSER systems. Particularly in the food sector, perishable goods often must be picked up on a continuous basis and in a very timely manner. If the truck does not arrive, a backlog in the production line occurs quickly and the conveyor belts stand still. Or if we operate a warehouse for an automobile supplier: If the parts are not delivered just-in-time to the assembly area, the production comes to a standstill.
Does this certification only apply to the IT center in Kempten?
We have certified our central IT services, data centers, infrastructures and IT specialty areas. However, DACHSER-IT is characterized by a high degree of centralization and therefore consistency, and depth of integration. The IT center in Kempten defines and develops the transport and warehouse management systems, as well as the eLogistics Internet applications in-house, and makes them for available use worldwide. In this sense, the certification has a decidedly international dimension. We take a step further than most of our competitors who have certified individual decentralized portions of their IT department (if at all). For us, central certification makes sense: Just like us, our customers are of a global nature and would like to place confidence in the same security standards everywhere when working with DACHSER.
This comprehensive certification must have been complex.
Yes, the two-step audit process lasted about six months. Whereby we have to state clearly: The certification according to ISO 27001 is not meant to be a snapshot in time for which we spruced ourselves up temporarily. An annual surveillance audit can only be passed and recertified with consistent improvement of safety processes. It is our goal to keep improving upon each point - and the auditors from TÜV SÜD have given us some very good suggestions.
ISO 27001
The internationally recognized standard ISO 27001 (current version: ISO/IEC 27001:2005) describes the safe handling of information within a company. The content of the certification covers all aspects of information security: from the technical disciplines of virus protection, spam protection and security of the Internet applications to failure safety and emergency planning, to organizational aspects such as confidentiality regulations with external IT service providers and consultants or IT user guidelines.
Regarding the depth of content, the standard requires a risk management system at all levels in order to be able to sensibly classify and manage the multitude of risks. Furthermore, certification according to ISO 27001 is set up as a continuous improvement process. During the annual surveillance audit, progress regarding information security must be substantiated in order to renew the certification.
The IT certification is only one component in a multitude of certifications and assessments in the various DACHSER country organizations.