Karlsruhe, 04.03.2025 – The ERP system is the IT backbone of a company – and therefore also the central repository for sensitive business information and customer data. Accordingly, companies must be able to rely on the fact that both the product used and the manufacturer behind it meet the highest quality and security standards. Criteria that the ERP specialist Asseco Solutions from Karlsruhe fulfills in a comprehensive manner: The company has now been certified to the ISO 27001 information security standard for the first time. In December, the company received a newly issued certificate for the quality management standard 9001, which is valid until the end of 2027.
“Data is the gold of the digital age – its protection must therefore be a top priority at all times,” emphasizes Markus Haller, CEO and CTO of Asseco Solutions. “We already take this requirement into account in the development of APplus. With the ‘Security by Design’ approach, we ensure that our software code is created as securely as possible from the ground up. Our customers can rest assured that we always handle the information provided carefully and conscientiously and do everything we can to ensure the highest quality in our processes and products. The current certifications are proof of the fruits of our efforts in these areas.”
To ensure the best possible product security, Asseco provides its developers with regular training on secure coding and consistent compliance with security-relevant standards, among other things. When implementing the ERP system at the customer’s site, the company is increasingly focusing on only ever storing sensitive data in encrypted form and only allowing access to the system via VPN. Finally, the Asseco experts provide support with proven recommendations such as network separation, which allows APplus to be operated in a separate area and is therefore better protected against potential intruders or malware in the main network.
ISO 27001 proves compliance with central security standards
Measures such as these make a decisive contribution to optimizing information security and are therefore at the heart of ISO 27001. In order to achieve compliance with this standard, manufacturers must prove that they handle information and data responsibly in their own business processes as well as ensure the highest level of security in their solutions through appropriate measures in their development. To this end, an information security management system must be used and identified risks must be addressed by means of control mechanisms. Corresponding guidelines, processes and procedures must be comprehensively documented and the security awareness of employees must be continuously sharpened and improved.
For the purpose of certification, compliance with these criteria was examined as part of an audit. Specifically, the auditors scrutinized the corporate structure of Asseco Solutions and its compliance with the central key requirements of the standard. To this end, the procedures within the company were put through their paces and, for example, people from various departments were interviewed and the concrete implementation of processes and control mechanisms were verified in practice.
New certificate for quality management
In addition to information security, Asseco Solutions has also received a new certificate in the area of quality management that is valid until the end of 2027. It certifies the company’s compliance with the ISO 9001 quality management standard, which ensures that the company pursues a sound quality strategy and documents and controls it in a verifiable manner.
Seven central dimensions of quality management are decisive for this within the framework of the standard: customer focus, leadership responsibility, employee involvement, process orientation, continuous improvement, fact-based decisions and relationship management with partners and suppliers. Asseco Solutions was able to comprehensively fulfill the corresponding requirements in order to provide the highest level of quality in its products and services on this basis and to reliably meet the requirements of the market and its customers.
