Everything we do comes down to information. Digital, physical, and verbal. In products, processes, and in people. At GEA, we are deeply committed to protecting all kinds of sensitive information for the benefit of our customers and partners, and for our corporate success.
GEA is a globally active and leading company, known for its outstanding technologies worldwide. For more than 100 years, GEA has continued to develop and set new standards to meet the needs of the market and its customers.
Today, the need for information security is constantly growing – especially as digitalization increases.
Securing information means securing future success
Information security will have a significant impact on corporate success over the coming years. Since everything we do is based on information, and systems become more and more interconnected, securing information is an imperative for future success.
At GEA, information security is one of the prime strategic priorities. We shape and design our value creation processes to ensure information is handled securely.
By protecting our own and our partners’ company information, we will all have the prerequisites and the peace of mind to focus on what we do best: engineering for a better world.
Protecting all kinds of sensitive information
GEA strives to be the world’s leading technology group, providing innovative and sustainable solutions for sophisticated process industries. Our long-term strategy is based on our central goal to be the partner of choice for customers worldwide.
Accordingly, we strive to have a profound, secure, effective, and efficient Information Security Management System (ISMS) in place.
At GEA, we work hard every day to achieve this. We operate and continuously improve our global ISMS, which consists of preventive, detective, reactive, and corrective security measures against growing security threats. From top management to every employee, each member of the GEA Group worldwide is committed to protecting both the information of our customers and partners as well as our own in the best possible way within their area of responsibility.
Comprehensive information security approach
Our approach is to protect all kinds of sensitive information: intellectual property, strategic, pricing, personal information and other know-how processed by GEA, regardless of its format. Because information security applies to physical, electronic, and verbal information alike.
Our goal is to adequately protect all information assets from theft, loss, unauthorized disclosure, unlawful access, misuse, unauthorized modification, and destruction.
We achieve this by covering the core values of information security – confidentiality, integrity, and availability – also known as “CIA.”
Global Information Security Management System (ISMS) based on ISO/IEC 27001
GEA operates and runs a global Information Security Management System (ISMS). It supports the Executive Board, managers, and all GEA employees in protecting sensitive information.
The security measures put in place by our ISMS play a preventive role to avoid risks in the first place. But we have also defined detective and corrective measures to respond to successful attacks in a timely manner.
GEA’s ISMS is based on the ISO/IEC 27001 standard, takes on board industry-specific regulations, is continuously further developed by our Chief Information Security Officer, and is reviewed and approved by the Executive Board.
Two lines of defense against any kind of attacks
Within the ISMS, we operate and maintain two lines of defense against major security risks.
In the first line, seven focus areas address risks and threats where they occur:
- IT Security – Secure information in office IT network and systems
- Physical Security – Secure information in sites, buildings, and offices
- Supplier Security – Secure information in the procurement and supply chain
- HR Security – Secure information in people’s minds, prevent oversight and insider threat
- OT (Operational Technology) Security – Secure information in production and engineering network & systems
- Product Security – Secure GEA’s digital products
- Digital Media Security – Secure web and social media presence
As a second line of defense, the Chief Information Security Officer is responsible for information security governance. He establishes the security levels at GEA by defining the security requirements, risk levels, and standards.
Customers and partners benefit in many ways
Thanks to GEA’s Information Security Management System we protect information assets through effective, efficient, and modern methods. Our customers and partners benefit from that in many ways:
- Peace of mind – Customers’ and partners’ data is safe with us since we protect all information assets, including those of our customers and partners.
- Competitiveness – Is preserved since we protect intellectual property (e.g., solutions tailored to our customers) against theft and espionage.
- Security of supply – Supply of GEA machinery, plants, or process technology is secure since we defend against sabotage and loss of production.
- Protected infrastructure – The infrastructure of our customers and partners is protected since we defend attacks targeting their systems through our GEA environment.