SumiRiko AVS Holding Germany: Implementation of Information Security and Compliance Management System
China site certified in accordance with ISO 27001; ISO 19600 introduced at headquarters in Steinau
A further SumiRiko AVS Holding Germany GmbH site has been certified in accordance with the ISO 27001 standard. Following the headquarters in Steinau an der Straße, the Chinese plant (SumiRiko AVS Wuxi Co. Ltd.) was successfully certified in May. The plant in Wuxi is therefore not only the Group’s first production site to be certified in accordance with this standard – it is also one of the first in the whole of China. In this audit, the information security standards were checked, risks were assessed and processes adjusted accordingly. The ISO 27001 standard specifies the requirements of an information security management system (ISMS) that covers IT baseline protection, and now applies as a matter of course in the IT industry. The automotive industry has also recognised the need for this standard, and the site will therefore also meet the high requirements of international customers.
Information security is more important than ever in today’s networked world of the automotive industry. Vehicle systems and components are worked on by numerous suppliers in a global network, resulting in a constant exchange of sensitive data and information. For car manufacturers, it is particularly important that this information be treated confidentially. Information security has therefore become one of the most important factors contributing to effective and confidential cooperation between car companies and their suppliers. “We expect others to handle our data safely and securely, and of course precisely this is also what our counterparts demand. This applies to our private life just as it does to our business relationships,” says Prasarth Rabindran, Director Group Compliance & IT. ISO 27001 forms the basis of this information security and ensures the setting up, operation and continuous improvement of an ISMS.
The standard is updated at regular intervals and is gaining increasing importance in the business environment. SumiRiko AVS Wuxi is therefore one of the first companies in the industry in China to be certified in accordance with the standard. “Wuxi was particularly important here because it is also a development site where large amounts of sensitive data are exchanged,” says Rabindran. As the plant is a member of the Sumitomo Riko Group, this also shows how important this step is for the entire group. The certification of further plants is being prepared and will follow swiftly. “This kind of certificate is always a big investment, because the processes and systems must be adjusted to the standard before an audit,” explains Olaf Hahn, CEO of SumiRiko AVS Holding Germany. “After we’d gathered plenty of experience with the certification of the Steinau site in 2015, the job was then to adapt this knowledge to Chinese standards,” Hahn continues. “We are accordingly proud and are gradually continuing with our other sites.”
The ISO 19600 international standard enjoys the same relevance. This relatively new standard has been actively implemented in the Steinau headquarters since the end of 2017 and is continuously checked by independent partners. The standard includes guidelines that help to detect unlawful conduct in the company and to adequately respond to it. It also helps with the assessment of risks that could result from such incidents. “Of course, standards like these require very high expenditure in the company, but it pays off in the long term,” says Hahn.
“An internationally binding codex for all of the company’s sites was already defined in 2015 with the publication of the Code of Conduct, to which all employees must adhere,” says Rabindran, in support of the work of the Compliance Division. Together with the parent group, Sumitomo Riko, the company raises awareness across the entire Group through regular compliance training activities. “The whole thing can only work if all employees actually ‘live’ the guidelines,” says Hahn. At the same time, global whistleblower hotlines have also been set up, where violations can be reported both internally and externally.
The term ‘compliance’, which encompasses adherence to legal provisions and guidelines, has long been a very important matter in the Sumitomo Riko Group. This is why it also appears in the business philosophy, ‘the Sumitomo Spirit’, as a basis for the Sumitomo Group Management and the core principles of ‘S (Safety), E (Environment), C (Compliance), Q (Quality)’. “But we now also know that this topic is really increasing in importance with the current situation in the automotive industry. Such topics are therefore part and parcel in acquiring big projects when our customers are placing contracts,” explains Hahn. The long-term goal is to also implement the ISO 19600 standard in all sites.
SumiRiko AVS Germany GmbH
36396 Steinau an der Strasse
Phone: +49 6663 9128-121
Fax: +49 6663 9128-4121