GEA operates and runs a global Information Security Management System (ISMS). It supports the Executive Board, managers, and all GEA employees in protecting sensitive information.
The security measures put in place by our ISMS play a preventive role to avoid risks in the first place. But we have also defined detective, reactive and corrective measures to respond to successful attacks in a timely manner.
GEA’s ISMS is based on the ISO/IEC 27001 standard, takes on board industry-specific regulations, is continuously further developed by our Chief Information Security Officer, and is reviewed and approved by the Executive Board.
The below section displays how our Information Security System at GEA comes together, including our effective teams, that all contributes to handling our ever-changing security needs.
Within the Information Security Management System, we operate and maintain two lines of defense against major security risks. In the first line, seven focus areas address risks and threats where they occur. As a second line of defense, the Chief Information Security Officer is responsible for Information Security Governance. He establishes the security levels at GEA by defining the security requirements, risk levels, and standards.
Thanks to GEA’s Information Security Management System we protect information assets through effective, efficient, and modern methods. Our customers and partners benefit from that in many ways:
Our Information & Cyber Security Department, headed by the Chief Information Security Officer, is in charge of information security governance as part of our Second Line of Defense security function.
To prove that information is handled securely at GEA we have independent, renowned institutions audit and confirm the efficiency and effectiveness of the security measures we take to protect our information and that of our customers.
Here you will find an overview of the certifications we have already achieved.
GEA achieved the ISO/IEC 27001:2013 Certification for the GEA Group as an umbrella certificate as well as concrete for the legal entities GEA Group AG and GEA Group Services GmbH, provided by the TÜV Rheinland in January 2022. The international standard ISO/IEC 27001:2013 confirms the adequate documentation, implementation and effectiveness of our Information Security Management System (ISMS).
GEA achieved UK Cyber Essentials Certification in 2021. The government-backed Cyber Essentials Certification in the UK helps businesses protect themselves against cyber-attacks. By obtaining this certification, we are proving that we can properly protect our own as well as others’ data.
Security assets and future success – Information Security at GEA
Information Security Policy
Certificate ISO/IEC 27001:2013
Annex to certificate ISO/IEC 27001:2013
Cyber Essentials Certification
Cyber security management system certificate IEC 62443 2-1
Cyber security management certificate - appendix
GEA achieved the ISO/IEC 27001:2013 Certification for the GEA Group as an umbrella certificate as well as concrete for the legal entities GEA Group AG and GEA Group Services GmbH, provided by the TÜV Rheinland in January 2022.Read more
Stay in touch with GEA innovations and stories by signing up for news from GEA.Sign up
We are here to help! With just a few details we will be able to respond to your inquiry.Contact us