Information & Cyber Security at Hellmann

In today’s business environment, processes are highly dependent on information technology. We at Hellmann understand information and IT systems as essential assets and vital resources critical to the products and services that we provide to our customers and partners. It is important to secure these assets to ensure a reliable business operation. The foundation of these efforts is a comprehensive information security management system which is monitored by our global team of information security professionals.

Our Security Approach

Our information security management system is backed by the full commitment of our management board, which is documented in our Information Security Policy. It requires every employee to actively participate in an information security culture that helps us to thrive in times of increasing information security threats that companies are facing globally. Our information security portfolio consists of the following capabilities. 

PROTECT

  • Definition of global security requirements and policies
  • Security by design, i.e. support in projects
  • SPOC for security relevant topics
  • Training and awareness
  • Maintenance of security relevant certifications, e.g. ISO / IEC 27001

DETECT

  • Monitoring of information security events and incidents
  • Scanning of Hellmann infrastructure and vulnerabilities
  • Internal and external audits
  • Assessment of security status
  • Monitoring of security KPIs

RESPOND

  • Management of cyber security incidents
  • Coordination of cyber triage and forensics
  • Support of disaster recovery

Information Security Policy Framework

We adhere to a comprehensive set of policies that define the requirements that are necessary to sustain the value of the confidentiality, integrity, and availability of our information and services. It further specifies the instruments and methods used to manage (plan, adopt, implement, supervise and improve) the tasks and activities aimed to achieve and comply with information security.

Information Security Awareness

Our information security culture is fostered by multiple awareness measures, e.g., regular mandatory global trainings, simulations, campaigns, advices or target group specific activities. These ensure that every employee is aware of their role and responsibilities in regards to maintaining the security of our information assets in our daily work

Security Incident Management

We proactively and repeatedly search through networks to detect and isolate advanced threats that evade our existing security solutions. Existing security solutions are investigated after an incident or warning occurs, to ensure a similar threat will be avoided in the future.

Information & Cyber Security Certifications

To demonstrate our efforts regarding Cyber Security and the professionality of IT service delivery, Hellmann undergoes several external audits conducted by recognized third party auditors every year. Below, you can find the numerous certifications that we hold in the context of Cyber Security.

Downloads

application/pdf; time=20241217125008

Certificate ISO 27001 (English)

application/pdf; time=20241217124824

Certificate ISO 27001 (German)

application/pdf

Cyber Essentials Certificate

application/pdf

Cyber Essentials Plus Certificate

application/pdf

Certificate BSI IT-Grundschutz (German)

International Organization for Standardization (ISO 27001)

As a sound and sustainable methodology for information security management systems (ISMS), IT-Grundschutz covers technical, organisational, infrastructural and personnel aspects in equal measure. With its broad foundation, IT-Grundschutz offers a systematic approach to information security that is compatible to ISO/IEC 27001.

Click here for more information. 

We are a TISAX participant

With TISAX – Trusted Information Security Assessment Exchange – the ENX Association supports the joint acceptance of information security assessments in the automotive industry on behalf of the VDA. The TISAX assessments are performed by audit providers who prove their qualification at regular intervals.

For us, confidentiality, availability and integrity of information have a very high priority. We have taken extensive measures to protect sensitive and confidential information. In doing so, we are guided by the questionnaire on information security of the Association of the Automotive Industry (VDA ISA).

Click here for more information. 

Cyber Essentials Plus

Hellmann Worldwide Logistics Limited is Cyber Essentials Plus compliant. The protection measures in the user and WiFi network at Hellmann Colnbrook FCO Services and the user network at Hellmann Milton Keynes have been assessed as satisfactorily protected against common cyber attacks

Cyber Essentials is an effective, UK-Government backed scheme that helps us to protect our organization against a whole range of the most common cyber attacks.

Click here for more information. 

CyberVadis

The CyberVadis platform is based on a methodology that maps to all major international compliance standards and combines the speed of automation with the accuracy and effectiveness of a team of experts. 

Click here for more information. 

CyberGRX

We are actively engaged in the CyberGRX Third Party Risk Management (TPRM) program. 

Click here for more information.