Securing Competitive Advantages through Information Security

Joh. Meier Werkzeugbau GmbH (JMW) is specialized in the production of tools for serial production in the automotive sector. With the implementation of DHC Business Solution’s software system for information security the company complies with security requirements according to ISO 2700x according to VDA 3.0.

VDA 3.0 certification is crucial for gaining a competitive advantage

“Quality for your success” is the mission statement of JMW, one of the important tier-3 suppliers in the supply chain for automotive OEMs (Original Equipment Manufacturer). The company offers a range of high-tech products, from initial samples to batch production and serial parts within a finely tuned production network. JMW specializes in tools for the production of blanks, follow-on and transfer tools, tools for press hardening and hot forming as well as prototype tools of all kinds.

With such specialization, high-tech orientation and networking, it comes as no surprise that JMW attaches great importance to IT security issues. Additional regulatory requirements specifically for automotive suppliers apply. On a regular basis, suppliers have to provide evidence of their compliance with customers’ high information security requirements. Certification according to VDA 3.0 (German Automotive Association) as well as the newly defined TISAX exchange mechanism (Trusted Information Security Assessment Exchange), which was added to the requirements catalogue VDA ISA in 2017, provides the basis for information security management activities. TISAX serves the need for cross-company information security assessments and defines a common examination and exchange mechanism under the sponsorship of the ENX Association.

In this context, and triggered by an OEM, JWM management asked Mat Conrads to lead a project for VDA 3.0 certification as well as for the implementation of information security measures at JWM. “A successful TISAX assessment is vital to JMW”, Conrad says. “For competition in the automotive industry is fierce, and TISAX listing is a core criterion for selecting business partners.”

In addition to the protection of data and prototypes, information security requires particular attention. This is reflected in the current VDA catalogue of criteria for information security assessment. A series of new controls for assessing an ISMS according to ISO 27001 (resp. ISO 27002:2013) has been added to the catalogue. “More than 60% of all aspects relevant for certification deal with information security issues. Hence, implementing an information security management system (ISMS) is of high priority to JMW.”

ISMS based on DHC VISION – Smart from implementation to productive use

Even medium-size companies like JMW have to comply with the same governance and compliance rules that also apply to international corporations. However, specialized staff departments or dedicated resources for the much-needed implementation of digitalization projects very often are missing in such companies. For that reason, it is impossible to initiate IT projects that run over several months and parallel to daily business operations. DHC responds well to the situation: “The comprehensive package that DHC offered was crucial for our decision to cooperate with our new partner, i.e. speedy implementation and a short time to market together with optimal possibilities for integrating our new ISMS with upstream and downstream management systems in place,” Conrad confirms. “This is how we were able to harmonize information and quality management requirements with VDA guidelines,” Conrad adds. “We are fully satisfied with our decision as the software we implemented comes with a modern design and an attractive User Experience (UX) while at the same time it offers an attractive prices-performance ratio. The DHC VISION dashboards are of particular value: They provide real-time data related to assets, risks and potential damages, to the state of guidelines and the most important KPIs. Our management was fully convinced that DHC VISION is the right choice; in short, we have taken the right decision”, Conrad states.

JMW’s digitalization strategy is oriented toward the future. It includes more digital integration and communication between machines, plants, and products. It also is focused on digitalizing not value adding management processes and on adapting processes to digital options. VDA 3.0 certification is the starting point for further digitalization within the company; more processes, e.g. CAPA, quality, and complaints management, will be added gradually during the months ahead.

Dr. Wolfgang Kraemer, Managing Director at DHC Business Solutions, is looking forward to the cooperation with JMW. “Our business model is geared toward providing professional support to growth-oriented high-tech companies. We relieve our partners of IT operation tasks and help them focus on ‘industrial internet’ strategies. This accounts for our own significant growth this year.”