Christian von Rützen, Department Head IT Security at Dachser, explains how the growing number of cyberattacks has changed the requirements of customers and business partners in the logistics industry. He also discusses what Dachser has implemented to ensure robust security processes, including a comprehensive information security management system.
Natalia Jakubowska, Trans.iNFO: How have the requirements of customers and business partners changed regarding information security and data protection due to the increasing cyberattacks we are seeing in the logistics industry?
Christian von Rützen, Department Head IT Security at Dachser: The rise in cyberattacks in the logistics industry has significantly changed the requirements of customers and business partners concerning information security and data protection.
Our customers and business partners are increasingly concerned about information security in their supply chains.
This is especially true when it comes to new business, we receive more frequent and detailed inquiries, including comprehensive questionnaires.
What characterises a high level of information security in a company?
The easiest way for outsiders to assess this is through certification by recognised standards, such as ISO 27001.
Certifications are awarded by independent external auditors. It is worth examining the scope of the certification to see if the entire company is certified or just a small part of it.
Dachser recently received the TISAX label. Why is this certificate so important, and what advantages does it bring?
The TISAX label is particularly important in the automotive industry and is increasingly required by large car manufacturers (OEMs).
Considering the long and complex value chains in the automotive industry, it is understandable that OEMs want to ensure reliability in the digital space.
Is the automotive industry more dependent on computer systems and digital technologies compared to other industries in which Dachser has business partners?
We cannot and do not want to make comparisons between different industries.
For the logistics industry, direct dependence on digital technologies is not new. This is why Dachser has been intensely focused on information security for over 20 years.
What main requirements do companies need to meet to obtain the TISAX label?
The key is to operate a proper Information Security Management System (ISMS).
This means that the essential processes of information security are regulated and implemented, including risk management, handling vulnerabilities and incidents, and much more.
What are the differences between TISAX and ISO/IEC 27001 in terms of information security?
The TISAX label is considered the little sister of the ISO 27001 certification. This is not meant disrespectfully, but makes more sense in the automotive industry, where supply chains are medium-sized and small-scale.
As for the full ISO 27001 certification, it would significantly overwhelm many, especially smaller, companies.
How long did the certification process for TISAX take at Dachser, and what was it like? What challenges had to be managed?
Since we have been ISO 27001 certified for over 10 years and have robust security processes, the substance was already present in the ISMS.
We essentially needed to gather the relevant documents to meet the specific TISAX requirements.
To what extent does the introduction of TISAX standards support Dachser’s long-term strategy regarding information security and data protection? Are further measures planned to strengthen information security?
We have a long-term strategy for our information security and are continually improving it because requirements and threats are constantly evolving.
This is our inner drive and how we meet the standards’ requirements, such as TISAX or ISO/IEC 27001.
What future developments do you see in the area of information security in the logistics industry, and how is Dachser preparing for them?
The megatrends of the digital world are reflected in information security: digitalisation, stronger networking, automation, artificial intelligence, and skill shortages.
Additionally, international organised crime poses a threat. Our job is to address these trends at all levels—from security strategy and architecture to technical implementation—and to find the best possible answers to all challenges.