27001: Dallmeier obtains ISO certification for the benefit of customers and partners

 

Quality has always been a top priority for Dallmeier. Now the company is also ISO 27001 certified. We spoke to Armin Biersack, Chief Security Officer at Dallmeier, about the background.

Mr. Biersack, why did Dallmeier decide to become ISO 27001 certified as a company?
Cybersecurity, privacy and security, CRITIS, NIS2, secure supply chains. These are issues that affect our customers and the market as a whole. Against this backdrop and the changing environment, anyone who wants to continue to serve their customers with reliable products and processes needs an ISMS – i.e. an information security management system – that is certified to ISO 27001.

What is an “ISMS – information security management system” and what is it used for?
An information management system (ISMS) generally comprises standardised procedures, guidelines and predefined measures to protect sensitive data, information and assets – or company assets in general – and to minimise risks from data loss, cyberattacks and other threats. And this ISMS is what is ultimately tested in a 27001 certification. We develop a systematic approach to how we manage information and data and protect it from unauthorised access. We define clear structures and responsibilities in order to regularly identify, assess and minimise risks. Our ISMS is therefore not a one-off task, but it is integrated into the company as a permanent process.

Is Dallmeier – in comparison – early or late with the certification?
We had looked at ISO 27001 long before certification and decided to live the standard specifications and internal processes as if we had a certified ISMS in operation in order to be prepared should the need arise. In 2023, we realised that the external requirements for a certified ISMS would increase due to the CRITIS and NIS2 topics for the supply chains and would be addressed in the near future. For this reason, the management then decided to go down the certification route.

So we started early with our certification and are ahead of some of our competitors. In the long term, certification is a “must” for every manufacturer in the sensitive area of security technology.

You have identified the critical infrastructure sector – CRITIS – as a key target customer segment. What role does certification play in this?
The CRITIS sector comprises around 30,000 companies in Germany alone due to the reorganisation of the legal framework (CRITIS Umbrella Act and NIS-2 Directive, etc.). That’s why we in our industry also need to speak the language of CRITIS operators. The best way to do this is to live and understand the requirements ourselves. This protects our entire company and, indirectly, our customers. Our development and production processes are better secured and controlled, and we can advise our customers more competently and contribute our knowledge to their projects.