How we support CBTL:

Increasing customer demands and the pressure to acquire certifications requires a proactive approach   

“Over the course of the last few years, we have developed from an online learning generalist into a B2B provider and online learning specialist for major corporations”, explains Christoph Herold, Chief Development Officer at CBTL. Their customer base includes a growing number of companies from the automotive industry. “The requirements with regard to data privacy and information security recently increased massively with our automotive customers, similarly to our industrial customers from other industries.” 

Sustainable competitive advantages powered by data privacy and information security

What was the first step? “When customers first started asking us about TISAX^®, we decided to arrange an assessment. It was clear to us that proven data privacy compliance and strong information security would serve as a real competitive advantage for our organisation.”  At this point, CBTL already benefitted from an external data protection officer (DPO) provided by DataGuard, resulting in smooth processes and no data security incidents whatsoever. 

Complex standards that required interpretation and creating optimised processes represented a challenge  

“What we were missing in the context of the assessment on TISAX^® were processes specifically optimised, documented, and replicable any time in line with the TISAX^® information security requirements,” says Herold. “For example, in the form of concepts for disaster recovery and business continuity. In addition, we did not have a lot of experience and routine within the organisation in terms of the assessment itself.” 

Moreover, many of the information security standards, and thus also the TISAX^® exchange programme, are open to interpretation. Without many years of expertise and experience, preparing for an information security assessment can quickly turn into a complex and lengthy undertaking. 

"InfoSec-as-a-Service" as the optimal solution 

“In no time”, continues Herold, “I received the reply that DataGuard was in the process of developing an ‘InfoSec-as-a-Service' platform for which CBTL could be a suitable pilot customer. We were intrigued and immediately seized the opportunity. After all, we have had a positive partnership for many years.” Aside from the information security platform, DataGuard won CBTL over with their strategic advice from a dedicated contact who engaged with them at eye level. The organisation’s many years of experience and best practices enabled CBTL to prepare for their scheduled assessment on TISAX^® quickly and effectively.  

Step-by-step towards the assessment on TISAX®   

“In terms of important information security requirements, CBTL was already in a great starting position. Together, we evaluated our existing processes in a kick-off workshop, identified areas that required optimisation, and created initial prioritised recommendations for action”, says Christian Taube, Team Lead Information Security at DataGuard. 

The next step focused on implementing TISAX^®-optimised and documented processes that could be reproduced anytime. After an internal review and final preparations, the time had come: On March 8th, 2021, CBTL completed the assessment in accordance with Assessment Level 3. TISAX^® participants can view the result of this assessment via the ENX Association (https://enx.com/en-us/). 

DataGuard is about to go live with its new ‘InfoSec-as-a-Service' platform. We couldn’t have expected better results – for both partners. 

Are you also looking to successfully prepare your organisation for an information security assessment in accordance with ISO 27001, TISAX^®, or BSI standards? We would be happy to support you and look forward to discussing your needs in an informal initial consultation. 

TISAX^® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX^® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.