First-Hand News?
Obtain news and background information about sealing technology, get in touch with innovative products – subscribe to the free e-mail newsletter.
Trust Center
- Home
-
Back to
Company
- Trust Center
Certification and Compliance
Freudenberg Sealing Technologies (FST) is committed to high standards of information security and data protection and prides itself on compliance with industry regulations and best practices. Our strict adherence to policies ensures the protection of sensitive information and underscores our commitment to the trust and privacy of our stakeholders.
ISO – Certification
ISO 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). We have achieved ISO 27001 certification, demonstrating our unwavering commitment to the highest levels of information security.
For your convenience and transparency, all site-specific certificates can be easily accessed and downloaded from our dedicated Download Area. Simply visit Site Certificates to retrieve the relevant certificates.
TISAX®
TISAX is a widely recognized and respected standard in the automotive industry that validates our commitment to ensuring high standards of information security. As part of our commitment to transparency, we invite you to review the results of our TISAX label on the ENX Portal. The ENX Portal is a secure platform where you can access comprehensive information about our assessment.
Here are the steps to access the TISAX certification results on the ENX Portal:
- Log in using your credentials or create a new account if you don't have one.
- Navigate to the "Shared Assessment results" or a similar section.
We at Freudenberg Sealing Technologies are highly committed to protect our information and the data of our customers.
Information Security
Organization
- The Freudenberg Group acts as an overarching body that monitors and audits the information security of the individual Business Groups to ensure compliance with Group-wide guidelines.
- Ultimate responsibility for information security lies with the FST Board of Management, which is tasked with maintaining an appropriate level of information security.
- At the operational level, a global information security team headed by the Chief Information Security Officer evaluates and monitors the implementation of the agreed activities.
- In addition, a locally appointed person at each site is responsible for assessing and monitoring the fulfillment of the agreed activities. In addition, FST has a dedicated Security Operations Center (SOC) that proactively addresses emerging cyber security risks.
This comprehensive framework underscores our commitment to maintaining sound information security practices at both a strategic and operational level across the organization.
Governance
At FST, we prioritize the protection of information through a robust information security policy that serves as the cornerstone of our commitment to security. This strategic document outlines overarching goals, principles and processes that guide our organization in protecting sensitive information. In addition to our Information Security Policy, we have introduced several topic-specific policies, each covering different aspects of our information security framework. These policies collectively ensure a comprehensive and proactive approach to managing and mitigating risk and reflect our commitment to maintaining the highest standards of information security in all areas of our operations.
The following objectives serve to protect the relevant Information Assets
-
Confidentiality
Information Assets are protected from unauthorized disclosure. -
Integrity
Information Assets are protected from unauthorized modification to assure their accuracy, completeness, and validity. -
Availability
Information Assets are accessible and usable upon demand by authorized individuals and Information Technology. -
Risk Orientation
The level of Information Security and the controls required to achieve this level are adequate to the current and projected threat environment and the related risk situation and are economically feasible. -
Compliance
All legal, contractual, and regulatory requirements are identified and fulfilled. -
Security Awareness
Relevant personnel, internal and external, are aware of their obligations and personal responsibilities related to Information Security. They are adequately trained, empowered, and have the required management commitment. -
Secure Third-Party Relationships
The adequate level of Information Security within FST is observed by business partners, service providers, consultants and other third parties. -
Continuous Improvement
The state of Information Security, including the objectives set forth in our policy, will be reviewed and updated regularly. The effectiveness of the ISMS is being continuously improved including considerations of corrective and preventive actions. This considers the constantly changing global Information Security landscape, altered requirements of interested parties, and the operational outcome of the FST ISMS.
To achieve the objectives the following principles apply.
-
Strategic Principles
The FST Business Principles, the Guiding Principles and the Code of Conduct of the Freudenberg Group serve as the basis for FST’s Information Security Management System and its implementation. The ISMS strategically supports the implementation of adequate Information Security controls at FST to achieve the information security objectives. -
Standardization
The FST ISMS is based on ISO/IEC 27001. Other national and international standards, as well as customer specific standards (e.g., TISAX or NIST), are considered where required and appropriate. -
Information Security Organization
The Information Security Organization is responsible for the achievement of the Information Security objectives. It receives full support from the Board of Management of FST. -
Risk Management
To allow for a balanced ISMS, all Information Security controls (technical and organizational) are evaluated against the risks they are designed to counter. The elements of the Information Security Risk Management process (assessment, acceptance, and treatment) are implemented in a structured and repeatable way and are aligned with the Risk Management Processes on both FST- and Freudenberg Group-level. -
Compliance Culture
For Information Security, synchronized interaction with other functions is vital to contribute efficiently to the business success of FST. It is also indispensable for long term acceptance of Information Security. Hence, the ISMS is designed as a part of the overall compliance culture within FST. It has well defined interfaces to other Management Systems such as Risk Management, Compliance Management, Quality Management, and others. -
Performance Evaluation and Audits
In order to facilitate the continuous improvement of the ISMS, several activities including audits, performance evaluations, reporting mechanisms, and management reviews are defined. The outcomes of these activities are evaluated to allow for required corrective actions and to further improve the level of information security. The ISMS also includes control and evaluation of third-party activities and third-party staff working for or on behalf of FST.
Physical Security
At FST, our commitment to physical and environmental security is reflected in the careful implementation of robust measures and adherence to industry standards. We have developed a comprehensive security concept that is aligned with the security zones defined by TISAX and ensures a tiered and well-documented approach to protecting sensitive information.
At FST, we use the robust infrastructure of Microsoft Azure to host most of our servers and applications. Azure, a globally recognized cloud platform, provides a secure and certified environment for our digital assets. Azure places great emphasis on security and has received industry-standard certifications that confirm its commitment to maintaining the highest security and compliance standards. Our strategic choice of Azure as our hosting platform underscores our commitment to ensuring the resilience, reliability and security of our digital ecosystem, which is aligned with Microsoft's best practices and industry standards.
The few on-premise server rooms meet increased security requirements and to protect our data infrastructure.
In addition, we ensure a high level of crisis prevention by adhering to Group-wide guidelines, thereby promoting a secure operating environment. We prioritize environmental risk management by systematically identifying and addressing potential risks to maintain a resilient business environment. In line with our commitment to safety, all off-site facilities are carefully assessed and included in our safety protocols.
At each site, we conduct site-specific risk assessments and adjust our security measures to account for and mitigate the risks associated with each location. This approach allows us to proactively identify and manage potential threats and underscores our commitment to maintaining a safe and resilient operating environment.
Operations Security
At FST, information security plays a central role within various operations, as evidenced by the implementation of comprehensive measures and industry-leading solutions. By leveraging the Microsoft 365 Security E5 suite, our organization benefits from advanced security features that enhance our ability to protect against evolving threats. Our Security Operations Center plays a critical role in maintaining vigilance, continuous monitoring and proactive threat response.
Our software development adheres to the strict requirements of TISAX and ensures that customized applications are developed and maintained to high security standards.
Microsoft Defender for Endpoint is installed on every device, further strengthening our protection against potential security breaches.
To ensure business continuity, we have robust backup and recovery policies that are regularly tested for effectiveness. Our patch and security policies cover all aspects of our operating environment and ensure the security of operating systems, applications, firmware, and devices. In addition, we enforce a network security policy with a segregation approach to improve the overall resilience of the network.
Our commitment to the latest standards in cryptography underscores our commitment to data protection and strengthens our defenses against potential threats. At FST, operational security is an integral part of our strategy, enabling us to maintain a secure and resilient digital landscape in an ever-evolving cybersecurity landscape.
Training and Awareness
At FST, we place great importance on information security and recognize the central role that training and awareness initiatives play in protecting our digital environment. Our commitment to the awareness of our valued employees is reflected in the regular training sessions that are tailored for both IT and non-IT users. These trainings cover important topics such as the CIA triad (confidentiality, integrity and availability), social engineering, account and password management, online behavior, information security incident reporting, as well as the proper use of external IT services and understanding the FST security zones.
Through these comprehensive programs, we provide our employees with the knowledge and skills required to maintain high information security standards and promote a culture of vigilance and responsibility throughout the company.
Third-Party Relationship
At FST, we place the utmost importance on information security, not only within our internal operations, but also in our valued relationships with third parties. We recognize the important role that our customers and suppliers play in the success and value of our business and are therefore committed to taking robust measures to protect their information.
As a supplier to our customers, we strive to ensure a high level of protection for their sensitive data. Similarly, we hold our suppliers to strict standards and explicitly require the secure handling of confidential data. Where necessary, non-disclosure agreements are concluded that provide a legal framework for maintaining confidentiality. In addition, information security considerations are contractually agreed to ensure a comprehensive and mutually beneficial approach.
To underline our commitment to responsible collaboration, external partners are only granted the necessary access - both physical and logical - to perform their tasks, with the principle of least privilege applying. This selective approach not only protects information, but also underscores our commitment to creating a secure and trusted environment.
At FST, we recognize that trust and collaboration with our customers and suppliers is essential to the overall value of our business. By incorporating information security into these relationships, we reinforce our commitment to maintaining a secure and reliable business environment to ensure the continued success and mutual benefit of all parties involved.
Data Protection
At FST, we emphasize our unwavering commitment to data privacy and ensure strict compliance with all applicable regulations and laws in the countries where our facilities are located.
Our approach underscores our commitment to protecting the privacy and rights of individuals with particular emphasis to the data of our valued customers and suppliers.
Contact
Please contact your Sales Representative at FST if you require additional information.
No personal contact available? Use our contact form.
Back to Top