Prototype Protection in accordance with ISO 27001

  • Developed in collaboration with leading automotive manufacturers
  • Procedure as a foundation for the VDA prototype protection catalogue
  • Accredited by the TGA (German Association for Accreditation GmbH)

With SEP-sec (information security management for system and development partners in the automotive industry), we offer a procedure designed specifically for development partners in the automotive industry. It provides analysis, optimisation and certification of the level of protection of your information, tailored to your specific needs and the manufacturer requirements.

You profit from transparency, efficient networks, appropriate measures and fast, flexible reactions in the event of a problem.

The SEP-sec procedure has three pillars:

  1. Organisational aspects of information protection in accordance with ISO 27001
    Emphasis: confidentiality/availability/integrity
  2. Technical aspects for the IT infrastructure
    Emphasis: confidentiality (electronic espionage)
  3. Non-IT security aspects of ‘classic security’
    Emphasis: prototype protection

Process and methods
You can achieve premium-quality, secure IT infrastructures in four phases:

1. Analysis
Assessment: we use an organisational assessment to inform you of the appropriateness, systematics and completeness of your company-specific information protection and data security. In doing so, we inspect the relevant processes, functions and responsibilities. You receive a detailed risk analysis and a prioritised catalogue of measures.

Network check-up: the security check-up covers your technical infrastructure in terms of potential and future weaknesses. Our network specialists conduct scanning and penetration tests on your network’s external interfaces. We also use procedures such as application testing and client hacking. You will then receive a status report about your technical security, the manipulability of the network accesses and recommendations for the optimisation of security measures.

2. Measures
For the weaknesses identified, we recommend suitable measures, which can be specified in an action plan. The appropriate measures are then introduced and established using a specially developed process model based on ISO 27001, following a prioritised procedure. At the end of this procedure, certification is suggested for the relevant areas.

3. Certification

  • Bases for assessment: 
    • Auditing and evaluation in accordance with ISO 27001
    • Requirements catalogue ISO/IEC 27001:2005
    • Auditing and evaluation of the enterprise security information protection processes (EnSEC)
    • EnSEC requirements catalogue V 1.14 of 19/01/2003
    • Supplementary requirements to the EnSEC requirements catalogue ‘Information security management for system and development partners in the automotive industry’, V1.04 of 31/01/2004
  • Examination bases for technical tests:
    • NPS-specific requirements of the EnSEC requirement catalogue, version 1.14
    • Testing and evaluation of firewalls in accordance with TÜV Secure iT’s best practice, version 1.04
    • TÜV Secure iT’s expert management system ‘penetration testing’

4. Monitoring

Your company continually uses the regular monitoring processes:

  • Current risks are recognised immediately
  • Suitable measures are implemented quickly
  • Level of security always meets the industry’s requirements