Comply

COMPLY

‘We live in a digital world. To counteract the real threats that this presents, stricter regulations and legal requirements are being established across all sectors

to ensure the highest possible levels of cyber and information security. We comply with and implement all of these regulations and requirements.’

René Beiler

Chief Information Security Officer

Get in touch

PCI DSS

Security in internet transactions is a cornerstone of successful online trading. The data security standard PCI-DSS (Payment Card Industry Data Security Standard) was introduced by the world’s leading credit card providers, and is designed to reduce fraud and identity theft incidents involving companies that accept online card payments. The standard is an important step toward building customer trust in online payment transactions. It also enables companies to demonstrate that they comply with all of the applicable legislation and that payment information is handled securely. However, achieving and maintaining PCI-DSS conformity is a long and cost-intensive process.

We are a Level 1-compatible PCI-DSS service provider: *um customers benefit from our specialist knowledge and our tailor-made concepts for PCI-DSS-compliant environments. Our complete solution – which covers everything from network services through to application management – guarantees the highest levels of security, enabling you to reduce the costs and resource usage associated with implementing and maintaining your security landscape, as well as for the mandatory PCI-DSS audits and 24-hour operation.

What PCI-DSS as a Service offers:

A fully redundant and highly scalable platform compliant with PCI-DSS Level 1
Very short time to market for your PCI-DSS-compliant services
Continuous improvement of PCI-DSS processes and products
Close collaboration with your IT department to simplify and streamline compliance
Guaranteed integrity and security in payment processes boost customer trust
Benefit from our PCI-DSS expertise and our success in countless complex PCI-DSS projects

VDA ISA

For a number of years, the German Association of the Automotive Industry (VDA) has had its own information security working group. This group developed a questionnaire known as the information security assessment (ISA). As manufacturers work closely with their suppliers during product development and at other stages of the production process, a high level of security is essential at this interface. “It’s very important that the data we share or exchange with suppliers is protected. When we are discussing prototypes, in particular, it is essential to ensure that all of the parties involved in the supply chain have a comparable level of IT security,” says Dr. Joachim Damasky,

Director of Technology and Environment at the VDA. With this in mind, the VDA developed the Trusted Information Security Assessment eXchange, a verification and exchange model for standardized information security throughout the value creation and apply chain. The Trusted Information Security Assessment eXchange is based on the VDA ISA and ensures that service providers and suppliers do not need to undergo audits repeatedly in short periods of time. By complying with this standard, we are guaranteeing the high industry standards of information security that apply for us as a provider and, above all, for our customers from the automotive sector.

ISO/ IEC 27001

ISO/IEC 27001 is an international information security standard for private, public, and charitable organizations. It contains requirements relating to the establishment, design, implementation, and continuous optimization of documented information security management systems (ISMS). ISO/IEC 27001 also covers the analysis and handling of risks in information security.

By achieving ISO certification, *um is demonstrating that it has implemented and complies with the requirements of this information security standard. For us and for our customers, it is imperative that the value in our supply chains is protected with appropriate security mechanisms.