Data security must be put into practice in the organization

Secure IT solutions can only be created in a secure environment. It is therefore absolutely essential that the issue of data security be firmly rooted in the organization and its IT processes. This can be done by implementing an effective security strategy that is underpinned by corresponding security standards. In addition, employees must receive regular training in the importance of data security and be made aware of the growing security risks as they are the first line of defense in the fight against potential cyberattacks.

At PROSTEP, data security is an integral part of our corporate DNA. We regularly analyze the potential risks and threats to which we are exposed and have implemented appropriate security measures. We have defined clear guidelines and procedures for handling sensitive data, including relevant password guidelines, access controls and communication paths. That is why we use our own secure data exchange platform, OpenDXM GlobalX, for transferring sensitive customer data. There is also a clearly defined process for reporting and processing security issues that ensures that we can respond quickly to situations that pose a risk.

To further strengthen our customers’ and partners’ confidence in our security management, we regularly undergo ISO 27001 certification. This certification attests to the fact that we meet the requirements of the most important international information security standard, not only in terms of the security of our IT systems but also at the level of our processes and the conduct of our employees. Another element in our security architecture is TISAX certification, which now forms the basis for the organization of the collaborative process for many carmakers and automotive industry suppliers. Taking ISO 27001 as its starting point, the standard defined by the VDA defines uniform requirements for handling confidential and personal data as well as for protecting the IT infrastructure.

What is more, our business processes meet the requirements of the ISO 9001 quality standard, which also covers aspects of data security and explicitly includes the development of our standard software products (OpenPDM, OpenCLM and OpenDXM GlobalX). We also fulfill the data protection provisions of the General Data Protection Regulation (GDPR). This set of security measures is neatly rounded off by a software development environment whose automated processes and mechanisms ensure an outstanding level of security. This is presented in more detail in the next article. So keep on reading!