Information security ISO/IEC project at BT-Systems

Cyber Security & Resilience

Today, information security is a basic prerequisite for stability and digital trustworthiness in companies. EU-wide cyber security requirements have been introduced, particularly for companies such as BT Systems that develop hardware and software products. In order to fulfil these requirements, we are beginning the gradual implementation of the ISO 27001 and IEC 62443 standards under the project management of Stefan Lorenzoni. By August 2026, we will create a structured basis to protect sensitive data, minimise risks in a targeted manner and strengthen our company's digital resilience. The internationally recognised standards define the requirements for an effective information security management system (ISMS) - a systematic framework that we consistently integrate into our processes. With this implementation, we also meet approximately 90% of the requirements of the NIS 2 directive, which regulates the secure operation of IT and OT systems in critical and important facilities. "Cyber security and resilience are not just technical issues for us - they are an expression of our responsibility towards customers, partners and employees. I fully support this approach, which is indispensable in today's networked world and requires the active support of all our employees," says CEO Gerald Kreiner.

Regulatory requirements

The new EU-wide requirements are defined by the Cyber Resilience Act (CRA). The aim of the CRA is to increase the cyber resilience of products with digital components and to create a standardised legal framework in the EU. Fast response times in the event of an emergency are essential in order to limit the impact and keep critical business processes stable - aspects that are becoming increasingly relevant for SMEs in particular.

Key points:

  • CE labelling becomes mandatory: From 11 December 2027, products without a CE marking may no longer be placed on the EU market - a key requirement for BT Systems.
  • Obligation to report vulnerabilities: From 11 September 2026, security incidents and vulnerabilities must be reported - even for products already on the market.
  • International standards: Comparable regulations also exist in other markets, such as the USA.
  • IEC 62443: This industry standard serves as the technical basis for meeting the CRA, which in turn ensures secure hardware and software products.


What we specifically do in the "Information Security ISO/IEC" project

The ISO/IEC standards are implemented in a structured, practical and step-by-step manner. The roadmap was drawn up by the project management together with BearingPoint and the project team and forms the basis for all further steps. In order to achieve the ambitious targets by August 2026, the project is scheduled to start at the beginning of December 2025.

Core measures:

  • Clear role and access concepts
  • Regular risk analyses and audits
  • Structured processes to permanently guarantee secure IT operations and the development of secure hardware and software products
  • Technical protective measures and emergency plans
  • Training and sensitisation of all employees (supported by awareness tools such as SoSafe)

The aim is to permanently ensure the confidentiality, integrity and availability of our information - both for our company and for our business partners.

Information security thrives on everyone's cooperation and collaboration - it creates a reliable digital environment for us and our customers.