IT Security at SAE

Our IT security management

An optimally protected system preserves the confidentiality, integrity, authenticity and availability of data and information and prevents unwanted intrusions. The challenges that IT experts face in this regard are growing constantly. Attackers are becoming more and more professional, legal requirements are becoming more and more specific, and last but not least, various interest groups have to be taken into account: Despite the necessary increase in security, for example, the practicability of the systems for operating and maintenance personnel must not be forgotten. Ideally, a utility system is based on a network infrastructure that allows secure connections with strong encryption, as well as providing high functionality and convenience for day-to-day business applications. A future-proof infrastructure also requires the ability to monitor continuously and in detail to identify risks and derive protective measures. The practical solution to this challenge can therefore only be a holistic security concept that enables continuous further developments and updates.

Put through its paces

To verify the effectiveness of our continuous further developments in the area of IT security, our telecontrol systems are tested by external specialists at regular intervals. Most recently, GAI NetConsult GmbH conducted an audit of compliance with the requirements of the BDEW white paper. The result: “From the point of view of IT security, there are no concerns for the tested devices in the configuration examined for productive use in networks with increased security requirements.”

Information security: ISMS & ISO 27001 certification

As a supplier to operators of critical infrastructures, we are aware of our responsibility with regard to information security. To raise the level of security in our processes, we decided to appoint an Information Security Officer who, in cooperation with external security experts, implements the requirements for ISO 27001 certification. Our information security expert Markus Dewerny has been working for SAE IT-systems since 2002 – before that he was a customer himself. As a former project engineer, he knows not only the systems and technology, but also the concerns and problems of customers first-hand. After further training to become an IT Security Coordinator (IHK) and Security Manager (EBS), he took over the position of Information Security Officer at SAE in 2017 and maintains a dialog with customers, partners and suppliers on information security and data protection issues. Furthermore, he drafts internal company guidelines, carries out risk analyses in the area of information security and coordinates the resulting measures.