Press release - The information security management system of AVAT's Energy Automation Solutions division is now ISO/IEC 27001 certified.
IT Security is the top priority at AVAT. This has now been officially verified by the company PÜG Prüf- und Überwachungsgesellschaft: It has certified the information security management system of the Energy Automation Solutions division according to ISO/IEC 27001. “As a technology partner, we take the information security of our customers very seriously. With this certification, we are making an important contribution to a trusting partnership,” emphasizes company founder and Managing Director Frank Ganssloser.
Since the IT Security Act of 2015 went into effect, operators of critical infrastructure, KRITIS for short, have been required to demonstrate defensive IT measures to counter cyber attacks. Although AVAT is not obligated by law to become certified, the company has nevertheless decided to do so. We took this step because some customer services are security-critical, for example remote access for the maintenance of AVAT control systems for decentralized energy stations. In addition to energy suppliers, telecommunication providers and hospitals are also obligated.
Many operators of critical infrastructure have already committed themselves to this measure. Originally, all KRITIS operators were to prove their IT security by May 2018. However, since it was necessary to audit many municipal utilities and there were not enough auditors, the process was extended. How companies implement this security is their choice. The law only requires demonstrable protection “in line with the current state of the art.” Choices include the basic IT protection of the Federal Office for Information Security or industry standards, provided that they are enacted in the form of a regulation. The third option, however, has been generally accepted: the establishment of an information security management system certified in accordance with ISO/IEC 27001. AVAT has also chosen this approach.
The certification of an information security management system according to ISO/IEC 27001 is implemented as a series of steps. These include a survey of the current situation, planning and performing an audit (including documentation) and a test of the effectiveness of the system. The company must renew the certification every three years and document its progress annually.
Press release (PDF):
English - Download
About AVAT
For more than 25 years AVAT has been the highly specialized energy engineering partner of manufacturers of large engines, builders of CHP plants, service providers and regional energy suppliers. In this segment, the medium-sized technology company from Tübingen belongs to the world leaders. More than 100 highly qualified employees - predominantly engineers - work on management systems for gas and dual-fuel engines and intelligent solutions for decentralized energy systems for sustainable energy production and distribution. The AVAT portfolio encompasses the complete range of capabilities: from the technical concept via hardware and software development to engineering services. Working this way, AVAT can supply both individual components and complete systems, and implement fully integrated solutions. Via its subsidiary in South Korea, AVAT is also represented in Asia.
