Emons and HITGuard - a success story
Hybrid model: with two recognized standards for a holistic information security organization
About Emons
Emons, based in Cologne, is an established and globally active transport and logistics company with high quality and environmental standards. Since the company was founded in 1928, the name has stood for continuity, a high degree of reliability, flexible services and one of the few medium-sized private logistics networks in Germany. The international network of locations and know-how enables customers to connect to all the important centers of the world.
As an international logistics company, Emons is particularly concerned with protecting the critical information assets that form the foundation of successful customer services. At the heart of these assets are shipment tracking with barcodes and a range of innovative digital services for the optimization of transport and logistics services. "At Emons, information processing plays a key role in the fulfillment of essential processes and services and forms the basis of operational processes as well as satisfying the increasing demand for information on the part of customers and partners," says René Koch, CISO at Emons. "Protecting these information assets and our business-critical processes in a risk-based and holistic security process is becoming increasingly important for Emons in the age of digitalization."
The use case: Hybrid ISMS according to BSI IT-Grundschutz and ISO 27001
Emons' motto is: "You don't entrust just anyone with what is particularly important to you". In order to live up to this and underpin the trust of its customers, the company has laid the foundations for a Group-wide, holistic information security organization with the position of Chief Information Security Officer. René Koch implemented a hybrid information security management system (ISMS) that is largely based on the international ISO family of standards and the recommendations of the BSI's IT-Grundschutz compendium. Furthermore, internal requirements and legal framework conditions, such as those of the European General Data Protection Regulation (GDPR), were included in the design of the ISMS.
Why HITGuard?
HITGuard offers the possibility of a hybrid implementation because the two information security standards can be used together and in coordination with each other. "You don't have to choose one or the other, but can use the available norms and standards as well as the knowledge databases available in HITGuard in combination, to precisely cover your own needs."
Another major advantage for René Koch is the tool's smart structure analysis. It is an important instrument in the management of critical and sensitive information assets. "The graphical editor and the flexible evaluation options for the information entered in analysis mode make it easier for us to manage the resources and all associated data." HITGuard offers an appropriate depth of implementation for all of this. For René Koch, this means "achieving the desired results quickly and in a resource-saving manner".
Working with the tool
In addition to the subscribed knowledge databases, IT staff and IT security at Emons also use a specially created database that combines the company's internal compliance requirements for information security and data protection with the requirements and recommendations of the two standards. Mappings were created in HITGuard for these controls from the standards, allowing the fulfillment of all internal and external requirements to be evaluated in parallel. This allows Emons to develop internal guidelines and policies directly in the management system as part of its own knowledge database.
For Mr. Koch, who is responsible for the information security organization of a very heterogeneous company structure at Emons, the graphical WYSIWYG editor and the various import options have become indispensable for modeling the structural analysis. He and his colleagues can work directly and easily without having to overcome barriers in the modeling, such as additional queries. The resulting data quality is also transferred to the resulting reports, to which he attaches great importance, especially in C-level reporting.
In their day-to-day work with HITGuard, users appreciate the fact that collaboration and communication that transcends national borders is made so easy: from deadlines and reminders to the development of implementation progress and follow-up measures. Planning and collaboration directly in the tool significantly reduces their time expenditure, as less travel is required, for example.
Highlights
For Emons as a large and complex company, one of the biggest advantages of HITGuard is its flexibility. On the one hand, the various management systems can each configure their own risk matrices and adapt the risks, protection targets, extent of damage and associated classifications to their different scopes. On the other hand, risk management is integrated and allows the structural analysis to be adapted to the requirements of all management systems.
It is possible to handle information assets transparently and share them - the individual management systems can therefore work with the same data, evaluate it from their own perspective and protect it accordingly. The data basis is thus harmonized and, in contrast to manually maintained lists or completely separate systems, is less prone to errors.
The interaction and dependencies between information assets and the people responsible for them become just as clear when working with HITGuard as the constellation of critical assets worthy of protection. This can open the eyes of those responsible, giving them new and clear perspectives on which to build targeted processes.
Recommendation
Mr. Koch, who has already gained experience with several similar tools in his professional career, recommends HITGuard to a broad group of users:
- those who are struggling with a lack of resources in information security,
- those who are introducing an ISMS for the first time or who have to meet certain requirements as a KRITIS operator, and
- those who want to switch from one tool to a new one and want quick results.
HITGuard produces results quickly and efficiently and is therefore predestined for anyone who has to meet the high demands of today's world.
| Key data | |
|---|---|
| The company | Emons Holding GmbH & Co. KG |
| Industry | Transportation and logistics |
| Head office | Cologne, Germany |
| Number of employees | 3,650 |
| HITGuard modules and add-ons in use | Basic modules Risk management, measures and controls, Audit management add-on Data protection Add-on Information security knowledge database in accordance with ISO 27001, Knowledge database information security according to BSI IT-Grundschutz |
| Management systems | 3 |
| Active users | 7 |


