Reliable protection for critical infrastructure

Winkhaus receives ISO 27001 certification

Stay on the safe side: In Winkhaus, authorities and operators of critical infrastructure now have a partner that meets the requirements of ISO 27001. This simplifies the award process if investments in an electronic locking system are to be made.
Operators of critical infrastructures (KRITIS) must provide special protection for their business processes in order to ensure that the population will be taken care of, even in the event of disaster. This is intended to prevent major failures in the security of supply in the face of the growing threat of cyber attacks. According to the Critical Infrastructure (KRITIS) Ordinance, this applies to companies in the energy, information technology and telecommunications, water and food, transport, health and finance and insurance sectors. 

To this end, companies in the relevant sectors establish an information security management system (ISMS) to patch up weak points within the structures and minimise security risks. The internationally recognised ISO 27001 standard defines criteria for the establishment, introduction, operation, monitoring and continuous improvement of an ISMS.

Less inspection work required during the awarding process
Winkhaus has also implemented an ISMS as per ISO 27001 for its access management segment and had it certified by TÜV Rheinland in order to face the growing threat situations posed by cyber crime and at the same time reduce inspection effort for customers from the aforementioned sectors in the course of awarding a contract. As such, customers who opt for Winkhaus access organisation technologies such as blueSmart or blueCompact do not need to send Winkhaus any time-consuming questionnaires or carry out supplier audits to ensure that the relevant service processes comply with ISO 27001. This saves them time when selecting the right access control components.

Demanding requirements
TÜV Rheinland conferred the certificate as an auditor in November 2021. The extensive certification process imposed demands requirements on the company’s processes. Numerous processes in various divisions of Winkhaus were examined – from central purchasing to the HR department, central IT and site security. One focus was on the service processes, such as how complaints are processed and according to which specifications does the service hotline for blueControl locking system administration software operate. An important aspect of ISO 27001 is IT and data security. Winkhaus achieved first-class results. Remote maintenance tools enable quick and secure access to the customer’s systems in the event of an emergency so that authorised Winkhaus technicians can provide qualified support. 

In addition to the actual product certifications (including CE, VdS approval, EN 15684 and EN 16867 classification), the quality management system as per DIN EN ISO 9001:2015 and the energy management system as per DIN EN 50001:2018, the certification as per ISO 27001 now certifies that the IT and data protection processes at Winkhaus also meet the highest criteria for security and quality.