With its ISO 27001 certification, ACTIA sets its sights on total security
October 2019 News
This year, ACTIA Automotive was awarded ISO 27001 certification for its electronic and software product production activities.
With threats ever-increasing (cybercrime, international competition, etc.), this certification enables the ACTIA Group to build confidence among its customers and partners over the long term by offering solutions to the following challenges: providing its customers with products and services that counter cybersecurity risks, protecting assets and information, ensuring the availability and continuity of resources, and complying with information security requirements.
As part of the ACTIA Group’s global risk management commitment, this certification supplements the other ISO 27001 certifications obtained and held by other companies within the Group such as ACTIA Engineering Services and Market IP, as well as the processes for rolling out information security management systems implemented in the other companies.
See also: "ISO 27001-certified Market-IP processes": http://www.market-ip.com/en/news
These joint actions create the confidence that's needed to ensure good collaboration within the Group, which is a key driver of performance.
To obtain the certification, ACTIA Automotive deployed an information security management system that is fundamental to its organisation and processes. An important part of this certification is guaranteed risk management in all environments and throughout the life cycle of products and services and their upgrades (Cloud, Big Data, Artificial Intelligence, Autonomous Vehicle, etc.).
What is ISO 27001 certification?
ISO/IEC 27001 is an international information security standard co-published by the ISO and the IEC. First published in October 2005 and revised in 2013, its title is “Information technology - Security techniques - Information security management systems - Requirements”.
ISO/IEC 27001 describes the definition, implementation, control and improvement of a management system, based on the management of information security risks.
Through this action, ACTIA Automotive remains fully aware of risks and how to manage them, using precisely defined measures.
Unlike other ISO management system standards (e.g. ISO 9001), ISO 27001 certification is still not widespread, but it is being used with increasing frequency in response to current cybersecurity issues.
Why is ISO 27001 important to build trust in ACTIA’s ecosystem?
Cybersecurity is now a major challenge in both professional and private lives. An ISO 27001 certification by an approved organisation is an important confidence builder for all stakeholders in the ACTIA Group ecosystem, including customers, shareholders, employees, partners and organisations. Some customers already require this certification.
What role does ISO 27001 play in terms of security for smart vehicles?
Experts in the Group act as ACTIA representatives in global standardisation organisations and help to draft ISO/SAE cybersecurity (e.g. ISO/SAE 21434), communication and vehicle diagnostic standards.
ACTIA is therefore making preparations to incorporate the latest standardisation requirements starting right from the design process for its products, and can offer its customers products and services that meet the latest standards.
ISO 27001 certification actions and the deployment of different cybersecurity standards, in particular ISO/SAE 21434, are collectively carried out by optimising synergies and sharing opportunities.
"ACTIA is shifting towards cybersecurity": Jacques Kunegel, Product Safety Manager at the ACTIA Group, leader of the drafting team for the ISO/SAE 21434 standard (Automotive Cybersecurity Engineering): https://www.actia.com/en/press/focus/item/ACTIA shifts gear to address cybersecurity
"Tony Malaterre: global expert in automobile standards": https://www.actia.com/en/press/news/item/Tony Malaterre World expert in vehicle standardisation
What role does ISO 27001 play in protecting private life in ACTIA Group?
ACTIA implements and maintains a specific process to ensure the protection of the private information of individuals whose personal data is used by ACTIA, in compliance with the applicable laws and regulations (e.g. GDPR).
This is both a complementary and integrated approach with respect to the ISO 27001 certification:
- ISO 27001 certification attests to ACTIA’s conformity in terms of managing the protection of private lives and personal data. This matter is the subject of a specific requirement of the standard (ISO 27001 - Appendix A - A.18.1.4).
- All of the measures implemented and employed as part of the ISO 27001 initiative help to meet the legal and regulatory requirements governing the protection of private lives and “data processing security” (GDPR - Art. 32.1 a), b), c), d)).
The primary objectives of these joint actions include respect for individual rights (consent, consultation, correction, deletion) and raising the awareness of all parties concerned.
What role does ISO 27001 play in ACTIA’s digital transformation?
ACTIA is investing in its development through a major digital transformation project to improve the management of information pertaining to products and processes for PLM and ERP solutions, digitizing HR, Finance, Supply Chain, communication and other support functions, while also implementing projects that help to structure and drive innovation for the Group in a period of strong growth.