Information & Cyber Security at Hellmann

We view information and IT systems as vital assets crucial for delivering top-tier products and services. Securing these assets is essential for reliable business operations, allowing us to leverage cutting-edge technology and achieve higher customer satisfaction. Our global team of information security experts monitor a comprehensive security management system at the core of our efforts.

Our Security Approach

Management Commitment

Our information security management system is backed by the full commitment of our management board, which is documented in our Information Security Policy. It requires every employee to actively participate in an information security culture that helps us to thrive in times of increasing information security threats that companies are facing globally.

Information Security Policy Framework

We adhere to a comprehensive set of policies that define the requirements that are necessary to sustain the value of the confidentiality, integrity, and availability of our information and services. It further specifies the instruments and methods used to manage (plan, adopt, implement, supervise and improve) the tasks and activities aimed to achieve and comply with information security.

Information Security Awareness

Our information security culture is fostered by multiple awareness measures, e.g., regular mandatory global trainings, simulations, campaigns, advices or target group specific activities. These ensure that every employee is aware of their role and responsibilities in regards to maintaining the security of our information assets in our daily work.

 

Security Incident Management

We proactively and repeatedly search through networks to detect and isolate advanced threats that evade our existing security solutions. Existing security solutions are investigated after an incident or warning occurs, to ensure a similar threat will be avoided in the future.

Information & Cyber Security Certifications

To demonstrate our efforts regarding Cyber Security and the professionality of IT service delivery, Hellmann undergoes several external audits conducted by recognized third party auditors every year. Below, you can find the numerous certifications that we hold in the context of Cyber Security.

Downloads

application/pdf

Certificate ISO 27001

application/pdf

ISO27001Certificate_2020-2021_EN

application/pdf

BSI IT-Grundschutz / German Security Certificate

International Organization for Standardization (ISO 27001)

As a sound and sustainable methodology for information security management systems (ISMS), IT-Grundschutz covers technical, organisational, infrastructural and personnel aspects in equal measure. With its broad foundation, IT-Grundschutz offers a systematic approach to information security that is compatible to ISO/IEC 27001.

Click here for more information. 

We are a TISAX participant

With TISAX – Trusted Information Security Assessment Exchange – the ENX Association supports the joint acceptance of information security assessments in the automotive industry on behalf of the VDA. The TISAX assessments are performed by audit providers who prove their qualification at regular intervals.

For us, confidentiality, availability and integrity of information have a very high priority. We have taken extensive measures to protect sensitive and confidential information. In doing so, we are guided by the questionnaire on information security of the Association of the Automotive Industry (VDA ISA).

Click here for more information. 

Cyber Essentials Plus

Hellmann Worldwide Logistics Limited is Cyber Essentials Plus compliant. The protection measures in the user and WiFi network at Hellmann Colnbrook FCO Services and the user network at Hellmann Milton Keynes have been assessed as satisfactorily protected against common cyber attacks

Cyber Essentials is an effective, UK-Government backed scheme that helps us to protect our organization against a whole range of the most common cyber attacks.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. This standard is designed to prevent these attacks.

Certification gives us peace of mind that our defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place. Cyber Essentials trademark follows a simple approach along with an auditors hands-on technical verification.

CyberVadis

The CyberVadis platform is based on a methodology that maps to all major international compliance standards and combines the speed of automation with the accuracy and effectiveness of a team of experts. 

Click here for more information. 

CyberGRX

We are actively engaged in the CyberGRX Third Party Risk Management (TPRM) program. Explore our involvement on the CyberGRX website.