Siemens establishes binding cybersecurity requirements for suppliers20 February 2019
New Siemens suppliers must comply with minimum binding cybersecurity requirements.
These requirements, which are being introduced gradually, will apply primarily to suppliers of security-critical components such as software, processors and electronic components for certain types of control units. Existing suppliers who do not yet comply with the requirements are to implement them gradually. The requirements stipulate, for example, that suppliers must integrate special standards, processes and methods into their products and services. In the future, suppliers themselves must, for example, perform security reviews, conduct tests and take corrective action on a regular basis. Siemens is making these requirements mandatory for its own activities as well.
The goal is to better protect the digital supply chain against hacker attacks. In this regard, Siemens is following the course laid down by the Charter of Trust for cybersecurity [see link below], which calls for binding rules and standards to build trust in cybersecurity, initiated by Siemens and established a year ago. Signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd. In February, Mitsubishi Heavy Industries signed a letter of intent to join the Charter.
Siemens argues that the contractual change will "enable us to reduce the risk of security incidents along the entire value chain in a holistic manner and offer our customers greater cybersecurity," says Roland Busch, chief technology officer. "If all our partner companies put their global weight behind these measures and implement them together with their suppliers, we can generate tremendous impact and make the digital world more secure."
Siemens Industry Ltd
This material is protected by MA Business copyright
See Terms and Conditions.
One-off usage is permitted but bulk copying is not.
For multiple copies
contact the sales team.