Information Security Management System
Global Information Security Management System (ISMS) based on ISO/IEC 27001
GEA operates and runs a global Information Security Management System (ISMS). It supports the Executive Board, managers, and all GEA employees in protecting sensitive information.
The security measures put in place by our ISMS play a preventive role to avoid risks in the first place. But we have also defined detective, reactive and corrective measures to respond to successful attacks in a timely manner.
GEA’s ISMS is based on the ISO/IEC 27001 standard, takes on board industry-specific regulations, is continuously further developed by our Chief Information Security Officer, and is reviewed and approved by the Executive Board.
“At GEA we have a strong team of experts for the entire range of information security disciplines. We are striving for the highest possible standards for our security measures, the training of employees and the protection of our business operations.”
Iskro Mollov
Chief Information Security Officer
The below section displays how our Information Security System at GEA comes together, including our effective teams, that all contributes to handling our ever-changing security needs.
Within the Information Security Management System, we operate and maintain two lines of defense against major security risks. In the first line, seven focus areas address risks and threats where they occur. As a second line of defense, the Chief Information Security Officer is responsible for Information Security Governance. He establishes the security levels at GEA by defining the security requirements, risk levels, and standards.
Focus Security through clear structures
Thanks to GEA’s Information Security Management System we protect information assets through effective, efficient, and modern methods. Our customers and partners benefit from that in many ways:
- Peace of mind – Customers’ and partners’ data is as secure as possible with us since we protect all information assets, including theirs.
- Competitiveness – Is preserved since we protect intellectual property (e.g., solutions tailored to our customers) against theft and espionage.
- Security of supply – Supply of GEA machinery, plants, or process technology is protected since we defend those against sabotage and loss of production.
- Protected infrastructure – The infrastructure of our customers and partners is protected since we defend against attacks targeting their systems through our GEA environment.
The Information & Cyber Security Team
Our Information & Cyber Security Department, headed by the Chief Information Security Officer, is in charge of information security governance as part of our Second Line of Defense security function.
"Within GEA we have recognized that an identity is a major target for attackers. To streamline and improve our efficiency in responding to such threats, we have placed our Security Incident Managers and IAM Experts within a single team. This was all made possible by developing an effective, efficient and audit-proof process for Identity and Access Management built by collaborating with departments all through GEA."
Scott Turner
Head of the Department IAM and Security Incident Response
“At GEA, we have developed very high standards for Information Security. Ensuring that these standards are implemented in all regions is my job – and the job of my whole team!”
Gary Hensel
Regional Information Security Officer AMERICAS
"With the help of our strong Local Information Security Officers team, we are successful in implementing and developing our Information Security standards worldwide.“
Victoria Rodríguez
Regional Information Security Officer EMEA
"The togetherness of diverse, multicultural and international colleagues is what I enjoy most about my job. We collaborate and improve GEA’s security by working together as a global team.”
Pete Siau
Regional Information Security Officer APAC
„Information security is also a top priority for us within the divisions. We are proud of our certificates, which show that we successfully implement and comply with security standards.“
Thorsten Fibbe
Business Information Security Officer Separation & Flow Technologies
Information Security Certificates
To prove that information is handled securely at GEA we have independent, renowned institutions audit and confirm the efficiency and effectiveness of the security measures we take to protect our information and that of our customers.
Here you will find an overview of the certifications we have already achieved.
ISO/IEC 27001:2013 GEA Group Umbrella Certificate and Sub-certificates
GEA achieved the ISO/IEC 27001:2013 Certification for the GEA Group as an umbrella certificate as well as concrete for the legal entities GEA Group AG and GEA Group Services GmbH, provided by the TÜV Rheinland in January 2022.
The international standard ISO/IEC 27001:2013 confirms the adequate documentation, implementation and effectiveness of our Information Security Management System (ISMS).
UK Cyber Essentials Certification
GEA achieved UK Cyber Essentials Certification in 2021. The government-backed Cyber Essentials Certification in the UK helps businesses protect themselves against cyber-attacks. By obtaining this certification, we are proving that we can properly protect our own as well as others’ data.
Downloads
Corporate press release
