About us

Information security

GEA is a globally active and leading company, known for its outstanding technologies worldwide. For more than 100 years, GEA has continued to develop and set new standards to meet the needs of the market and its customers. 

Today, the need for information security is constantly growing – especially as digitalization increases.

Securing information means securing future success

Information security will have a significant impact on corporate success over the coming years. Since everything we do is based on information, and systems become more and more interconnected, securing information is an imperative for future success. 

At GEA, information security is one of the prime strategic priorities. We shape and design our value creation processes to ensure information is handled securely.

By protecting our own and our partners’ company information, we will all have the prerequisites and the peace of mind to focus on what we do best: engineering for a better world.

Protecting all kinds of sensitive information

GEA strives to be the world’s leading technology group, providing innovative and sustainable solutions for sophisticated process industries. Our long-term strategy is based on our central goal to be the partner of choice for customers worldwide.

Accordingly, we strive to have a profound, secure, effective, and efficient Information Security Management System (ISMS) in place.

At GEA, we work hard every day to achieve this. We operate and continuously improve our global ISMS, which consists of preventive, detective, reactive, and corrective security measures against growing security threats. From top management to every employee, each member of the GEA Group worldwide is committed to protecting both the information of our customers and partners as well as our own in the best possible way within their area of responsibility.

Comprehensive information security approach

Our approach is to protect all kinds of sensitive information: intellectual property, strategic, pricing, personal information and other know-how processed by GEA, regardless of its format. Because information security applies to physical, electronic, and verbal information alike.

Our goal is to adequately protect all information assets from theft, loss, unauthorized disclosure, unlawful access, misuse, unauthorized modification, and destruction. 

We achieve this by covering the core values of information security – confidentiality, integrity, and availability – also known as “CIA.”

Core values of information security – confidentiality, integrity, and availability

Global Information Security Management System (ISMS) based on ISO/IEC 27001

GEA operates and runs a global Information Security Management System (ISMS). It supports the Executive Board, managers, and all GEA employees in protecting sensitive information.

The security measures put in place by our ISMS play a preventive role to avoid risks in the first place. But we have also defined detective and corrective measures to respond to successful attacks in a timely manner.

GEA’s ISMS is based on the ISO/IEC 27001 standard, takes on board industry-specific regulations, is continuously further developed by our Chief Information Security Officer, and is reviewed and approved by the Executive Board.

Global Information Security Management System (ISMS) based on ISO/IEC 27001

Two lines of defense against any kind of attacks

Within the ISMS, we operate and maintain two lines of defense against major security risks. 

In the first line, seven focus areas address risks and threats where they occur: 

  • IT Security – Secure information in office IT network and systems
  • Physical Security – Secure information in sites, buildings, and offices
  • Supplier Security – Secure information in the procurement and supply chain
  • HR Security – Secure information in people’s minds, prevent oversight and insider threat
  • OT (Operational Technology) Security – Secure information in production and engineering network & systems
  • Product Security – Secure GEA’s digital products
  • Digital Media Security – Secure web and social media presence

As a second line of defense, the Chief Information Security Officer is responsible for information security governance. He establishes the security levels at GEA by defining the security requirements, risk levels, and standards.

Customers and partners benefit in many ways

Thanks to GEA’s Information Security Management System we protect information assets through effective, efficient, and modern methods. Our customers and partners benefit from that in many ways:

  • Peace of mind – Customers’ and partners’ data is safe with us since we protect all information assets, including those of our customers and partners.
  • Competitiveness – Is preserved since we protect intellectual property (e.g., solutions tailored to our customers) against theft and espionage.
  • Security of supply – Supply of GEA machinery, plants, or process technology is secure since we defend against sabotage and loss of production.
  • Protected infrastructure – The infrastructure of our customers and partners is protected since we defend attacks targeting their systems through our GEA environment.

Information Security Certificates

To prove that information is handled securely at GEA we have independent, renowned institutions audit and confirm the efficiency and effectiveness of the security measures we take to protect our information and that of our customers.

Here you will find an overview of the certifications we have already achieved.

ISO/IEC 27001:2013 GEA Group Umbrella Certificate and Sub-certificates

GEA achieved the ISO/IEC 27001:2013 Certification for the GEA Group as an umbrella certificate as well as concrete for the legal entities GEA Group AG and GEA Group Services GmbH, provided by the TÜV Rheinland in January 2022.

The international standard ISO/IEC 27001:2013 confirms the adequate documentation, implementation and effectiveness of our Information Security Management System (ISMS).

TUV

UK Cyber Essentials Certification

GEA also achieved UK Cyber Essentials Certification in 2021. The government-backed Cyber Essentials Certification in the UK helps businesses protect themselves against cyber-attacks. By obtaining this certification, we are proving to customers we can properly protect our own as well as others’ data. 

Stay in touch with GEA innovations and stories by signing up for news from GEA.

Sign up

We are here to help! With just a few details we will be able to respond to your inquiry.

Contact us