Christoph Herold, Chief Development Officer, CBTL

How we support CBTL:

“The support provided by DataGuard as a competent partner and external Information Security Officer before and during our assessment on TISAX^® was extremely helpful, especially in relation to the requirements of level 3 of compliance to TISAX^®.”

TISAX^® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX^® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Download Story

Christoph Herold, CBTL

Before DataGuard

Information Security Management System (ISMS) not ready for the assessment on TISAX^®
Lack of clarity on how to approach the assessment on TISAX^®
Missing optimised processes according to requirements for TISAX^®

With DataGuard

Preparations for a certification on TISAX^® integrated into ISMS
Fully supported to prepare for the assessment on TISAX^®
Established optimised, documented processes for the assessment on TISAX^® that can easily be reproduced

Increasing customer demands and the pressure to acquire certifications requires a proactive approach

“Over the course of the last few years, we have developed from an online learning generalist into a B2B provider and online learning specialist for major corporations”, explains Christoph Herold, Chief Development Officer at CBTL. Their customer base includes a growing number of companies from the automotive industry. “The requirements with regard to data privacy and information security recently increased massively with our automotive customers, similarly to our industrial customers from other industries.”

TISAX®, along with GDPR, has now become a basic requirement for the organisation’s long-term success

According to Herold, the reason behind this is the increased awareness of the GDPR, which has been in effect since 2018. On top of this, customers from the automotive industry additionally require TISAX® (Trusted Information Security Assessment Exchange) labels, an industry standard that came into force shortly before this. “In order to fulfil the high TISAX® demands and successfully pass a corresponding assessment, we implemented a comprehensive information security management system (ISMS) with the help of DataGuard.”

Sustainable competitive advantages powered by data privacy and information security

What was the first step? “When customers first started asking us about TISAX®, we decided to arrange an assessment. It was clear to us that proven data privacy compliance and strong information security would serve as a real competitive advantage for our organisation.” At this point, CBTL already benefitted from an external data protection officer (DPO) provided by DataGuard, resulting in smooth processes and no data security incidents whatsoever.

Complex standards that required interpretation and creating optimised processes represented a challenge

“What we were missing in the context of the assessment on TISAX^® were processes specifically optimised, documented, and replicable any time in line with the TISAX^® information security requirements,” says Herold. “For example, in the form of concepts for disaster recovery and business continuity. In addition, we did not have a lot of experience and routine within the organisation in terms of the assessment itself.”

Moreover, many of the information security standards, and thus also the TISAX^® exchange programme, are open to interpretation. Without many years of expertise and experience, preparing for an information security assessment can quickly turn into a complex and lengthy undertaking.

"InfoSec-as-a-Service" as the optimal solution

“In no time”, continues Herold, “I received the reply that DataGuard was in the process of developing an ‘InfoSec-as-a-Service' platform for which CBTL could be a suitable pilot customer. We were intrigued and immediately seized the opportunity. After all, we have had a positive partnership for many years.” Aside from the information security platform, DataGuard won CBTL over with their strategic advice from a dedicated contact who engaged with them at eye level. The organisation’s many years of experience and best practices enabled CBTL to prepare for their scheduled assessment on TISAX^® quickly and effectively.

Step-by-step towards the TISAX® assessment

“In terms of important information security requirements, CBTL was already in a great starting position. Together, we evaluated our existing processes in a kick-off workshop, identified areas that required optimisation, and created initial prioritised recommendations for action”, says Christian Taube, Team Lead Information Security at DataGuard.

The next step focused on implementing TISAX®-optimised and documented processes that could be reproduced anytime. After an internal review and final preparations, the time had come: On March 8th, 2021, CBTL completed the assessment in accordance with Assessment Level 3. TISAX® participants can view the result of this assessment via the ENX Association (https://enx.com/en-us/).

DataGuard is about to go live with its new ‘InfoSec-as-a-Service' platform. We couldn’t have expected better results – for both partners.

Are you also looking to successfully prepare your organisation for an information security assessment in accordance with ISO 27001, TISAX®, or BSI standards? We would be happy to support you and look forward to discussing your needs in an informal initial consultation.

TISAX® is a registered trademark of the ENX Association.

About CBTL

For many organisations, online courses, customer webinars, and virtual product training were part of their everyday business long before the COVID-19 pandemic. After all, the origins of this innovative method of knowledge transfer date back to the 20th century. One of the online learning pioneers and a leading provider in this market is the Munich-based organisation Computer Based Training and Learning GmbH (CBTL), founded in 1999.