For years, the Transporeon Group has placed great value on comprehensive information security throughout the company. In December 2018, the Mercareon and Ticontract divisions joined Transporeon in being certified under DIN ISO/IEC 27001, or ISO 27001 for short. As a result, the Group can objectively prove that it meets high international information security standards for other key business units, which will especially benefit its customers. After all, networking is continuously increasing along the entire digital supply chain – and makes the systems of all participants more prone to security risks.
Due to the expanding role of digitalization, industrial and commercial shippers, suppliers, and carriers are paying increasing attention to information security when selecting business partners. Many must fulfil strict legal requirements and internal guidelines – and also document extensive security efforts – when working with other organizations. If shippers and carriers cannot be shown objective proof, such as an ISO certification, they must spend time checking how carefully their partner handles data and what risk the cooperation entails for their own business activity.
For this reason, Transporeon obtained certification under ISO 27001 in June 2016. “Our first goal was to quickly achieve certification of our core operational processes, which are primarily related to the Transporeon platform. To do this, we had to build up an information security management system (ISMS) and meet extensive documentation requirements. Transporeon has shown it could do both in practice in the past few years, and has now extended this strategy to Ticontract and Mercareon as part of the second ISO certification. However, we have always worked to achieve high security standards throughout the company independent of ISO certification,” explains Ahmet Arslan, Chief Development & Engineering Officer (CDEO) of the Transporeon Group.
For the current certification, independent auditors from TÜV Rheinland performed audits in December 2018 at the company’s sites in Ulm and Kempten. The certificate was officially awarded on 6 February, certifying that the Transporeon Group has an existing and functioning information security management system for secure operation and secure service provision of its communication platforms.
Transporeon Group ensures availability, confidentiality and integrity of customer data
Successful certification requires implementation of an ISMS that effectively helps protect the availability, confidentiality and integrity of customer data. The requirements go well beyond technical security measures to also include many organisational issues. Therefore, Transporeon Group processes and actions cover all departments and employees whose activities and functions are important for comprehensive protection of customer data and trouble-free access to the digital services of the e-logistics platforms. These especially include IT, but also the human resources and legal departments, as well as customer service. Additionally, every Transporeon employee is taught about compliance issues and the responsible handling of sensitive data – such as passwords and data protection questions – and other data security procedures in regular training events.
Operation of company-owned computing centres further increases information security
The Transporeon Group carries out extensive technical measures for information security. These include, for example, physically separate backup of data and IT components, effective encryption processes, regular software updates, installation of the latest anti-malware software and up-to-date firewalls. Access to office buildings and rooms, in turn, is strictly regulated – and only permitted with a visitor or employee ID.
But the ISO/IEC standard goes further: Every year, as part of a risk analysis in the information security management system at the Transporeon Group, scenarios in which customer data access and platform services are endangered are played out – and supplemental actions to minimise risk are taken, if needed. Accordingly, the Transporeon Group has a second computing centre, to which all systems could be switched in a very short time if one centre goes down. For even more security, the servers in the computing centres are not administered by external service providers, but installed, operated and monitored by the company itself.
“The certificate shows we have already implemented a high level of information security and are continuously working on optimization,” says Arslan. “Our systems are tested annually for security gaps by an external service provider, and no critical security risks have been identified. That’s a great success for us, and the certificate itself provides great added value for our customers.”
Markus Franke, Senior Information Security Officer of Transporeon Group, Thomas Frenzl, sales representative for southern Germany for TÜV Rheinland Cert GmbH and Ahmet Arslan, Chief Development & Engineering Officer (CDEO) of Transporeon Group, at the official award of the ISO 27001 certificate on 6 February in Ulm (left to right). The Transporeon Group is one of few e-logistics service providers that can document a high level of information security in accordance with the international ISO standard (source: Transporeon Group).