Information security questionnaire for suppliers
1. General information on the supplier
Company name *
Address *
Number of employees *
Contact person for information security (name, position, contact) *
Industry *
What services or products do you supply to our company? *
2. Certifications and standards
Is your company certified to one of the following standards?
ISO/IEC 27001
BSI-Grundschutz (IT baseline protection according to the BSI standard)
TISAX (Trusted Information Security Assessment Exchange)
Other (please specify)
If yes for 2.1, please indicate the year of the last certification and the certifier
ISO/IEC 27001
BSI-Grundschutz
TISAX
Other
If not certified, do you plan to obtain certification in the next 12 months? *
yes
no
If so, which standard?
Planned certification date
3. Information security management system (ISMS)
Does your company have a formal information security management system (ISMS)? *
yes
no
If yes, which framework is used (e.g. ISO 27001, BSI-Baseline)?
How often is the ISMS reviewed and audited internally and externally?
Internal: (e.g. annually, semi-annually)
External: (e.g. annually, every 2 years)
Does your company have an information security officer (CISO)? *
yes
no
If yes, please indicate the position and responsibilities:
Is there a data protection officer (DPO) in your company? *
yes
no
If yes, please indicate the position and responsibilities:
4. Risk management
Do you carry out regular risk assessments? *
yes
no
If yes, at what interval?
How are identified risks handled in your company?
Risk acceptance
Risk reduction
Risk transfer
Risk avoidance (explanation, which tools are used)
Further information:
Is there a documented incident response plan for security incidents? *
yes
no
If yes, when was this last updated?
5. Technical and organizational measures
Which of the following technical measures have been implemented in your company?
Firewalls
Encryption of data (at rest and in transit)
Access controls (physical and logical)
Anti-malware software
Intrusion detection/prevention system (IDS/IPS)
Regular security updates and patch management
Other:
How do you ensure that only authorized persons have access to confidential information?
Multi-factor authentication
Access restrictions
Role-based access control (RBAC)
How are security incidents reported and handled in your company?
Reporting channels and responsibilities:
6. Awareness and training
Are your employees regularly trained in information security? *
yes
no
If so, how often do the training courses take place?
Is there special training for employees in security-critical positions? *
yes
no
If yes, please provide details:
7. Data protection
How do you ensure the protection of personal data in your company?
Measures and processes:
Is your company compliant with the General Data Protection Regulation (GDPR)? *
yes
no
If so, how is this ensured?
8. Supplier management and third parties
Do you have security requirements that you pass on to your own suppliers? *
yes
no
If yes, please specify:
How do you ensure that third parties who have access to sensitive information implement appropriate security measures?
Contractual clauses
Regular audits
Security certificates
9. Conclusion
Is there any further information or documentation you would like to provide us with regarding your information security?