ASE Automotive Academy >
In The News
Article Date: 27 June 2019
In today’s digital era trust between a vendor and its customers is more important than ever, but it is also harder than ever to protect because the threats to this relationship are no longer just physical, but also online and can happen at anytime. That is why we have always prioritised data security at ASE Global. We recognise how crucial it is to protect sensitive information belonging to our customers and partners. For example, we invested significant resources to ensure compliance with the General Data Protection Regulation (GDPR), as this allowed us to refresh our approach to information security and ensure we have multi-layered defenses.
However, a quick glance at the automotive press shows the cybersecurity threat is constantly evolving, as innovation and technology becomes more pervasive across every aspect of design, production and customer engagement. As a result, we are continuously re-assessing our approach to information security and we are delighted to announce we have achieved ISO27001 certification in the UK and Austria. This validation reassures our customers that our approach is robust and process-led, and properly integrated with our physical security systems. The ISO27001 certification is the best known of a family of standards, designed to help organisations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to organisations by third parties.
We have welcomed the opportunity to use external auditors, SGS, to evaluate the security of our IT infrastructure. It has allowed us to examine in detail how we protect client data, over and above the requirements of GDPR. It has also ensured our change management processes are up-to-date, which is important given our on-going integration of Edentity Software Solutions, headquartered in Austria, into our infrastructure. We are handling highly confidential material on operational data for our customers feeding into both management and statutory accounts, so this audit allows us to demonstrate we are taking every possible precaution.
Undertaking the ISO certification process we have developed an Information Security Management System (ISMS), which delivers on the security-by-design philosophy to ensure our information systems are built with security in mind from the get-go. It allowed us to understand our security stance, where we are today in our readiness, assess risk and identify what we need to do to meet the ISO standard’s stringent requirements. Additionally, our work with ECSC meant we could embed a security-first mindset in the company culture and remind all our employees of the importance of protecting our clients’ sensitive data. Following the audit process we were happy to learn ECSC identified 0 non conformities out of 140 controls that were examined.
Of course, securing ISO27001 certification does not mean we can rest on our laurels! We know the threat is constantly evolving, so we will maintain our vigilance and constantly look to evaluate what else we can do to maintain our security-by-design strategy.
In case of any questions please contact at James.Roberts@ase-global.com
Tel: +44 (0)161 493 1930
