TÜV Rheinland reaffirms Thinkproject's information security in accordance with ISO 27001 ISMS
Recertification of Thinkproject's IT solutions, services, and locations
Press release
Munich, 12th February 2024 – Thinkproject, the leading European SaaS provider of solutions for the construction industry, has re-audited its comprehensive information security management system (ISMS). The latest assessment proves that Thinkproject continues to consistently comply with the strict guidelines of ISO/IEC 27001:2013. The assessment was carried out by TÜV Rheinland. The global testing service provider carried out a comprehensive analysis of all Thinkproject's business operations. The audit included Thinkproject's products as well as various locations. For example, the audit team evaluated the development and (SaaS) operation of the Thinkproject products TP CDE, EPLASS CDE, CONCLUDE CDE, KAIRNIAL, CEMAR, RAMM and DESITE BIM. A new addition was TP CLOUD, which was tested for the first time and also successfully certified. The ISO 27001 compliance of the subsidiaries in Germany as well as the subsidiaries in Austria, France, Spain, New Zealand, the Netherlands, and the United Kingdom was also confirmed once again. A new addition is India, which underwent the audit for the first time and immediately received certification.
ISO/IEC 27001 certification: for the digital transformation of the industry
As part of the ISMS recertification, TÜV Rheinland examined all relevant business processes of Thinkproject in the areas of product management, product development, operations, sales, software configuration, customer support, internal IT, user management, and administration. ISO 27001 compliance is even more relevant today due to the digital transformation in the construction industry, with more and more software solutions such as Common Data Environments in use which contribute significantly to increasing quality and productivity in construction projects. These software products handle complex information processes in the context of information management. "Of course, this results in new challenges in terms of information security," explains Dr. Ralf Hundhammer, Chief Technology Officer (CTO) of Thinkproject. "Companies in the construction industry entrust us with their most valuable asset – their data. They must be able to rely on the fact that we, as a software provider, have taken the necessary technical and organisational security precautions," says the CTO. "This is exactly what the ISO/IEC 27001 certification confirms. That's why it's our top priority."
Information Security: Highly important for critical infrastructure
Particularly in the geopolitical context, information security in the construction industry is becoming increasingly important. This is especially true for critical infrastructures (KRITIS). "Especially in this area, data is often extremely sensitive and therefore worth protecting – think of details of possible weak points or deficiencies at critical points such as airports, tunnels and bridges," says Dr. Ralf Hundhammer. "If such information falls into the wrong hands, it could have serious consequences." In addition, large critical infrastructure customers, such as companies in the energy supply or power plant construction sectors, place high demands on their subcontractors. These must verifiably meet the ISO 27001 standards and be certified accordingly. This applies not only to the companies themselves, but also to the SaaS solutions offered. In these cases, compliance with these standards is even legally mandatory.
Growing customer demands
Information security is no longer just a topic for specialist departments, but has long been on the agendas at management level, including at Thinkproject. "At the group level, we define the standards, which are then implemented in all our products by local information security officers," says Ralf Hundhammer, CTO Thinkproject. "This is a great advantage for our customers: no matter which of our products they use, they always enjoy the same high standard. In this way, we always meet customer requirements in terms of confidentiality, integrity, availability and authenticity."
Information Security KPI System
"We are particularly proud of the fact that TÜV Rheinland had no complaints and that we were able to complete the certification without any deviations or improvements," explains Dr. Ralf Hundhammer. Despite the large number of points requested, there were only a few indications of opportunities for improvement. TÜV Rheinland particularly noted the KPI system that Thinkproject uses to continuously evaluate its information security internally. "We owe this excellent result to our well-rehearsed team, the intensive preparations before the audit and our well-functioning processes, which are based on our many years of expertise and experience," sums up the CTO. "After all, we carried out the first certification over a decade ago and know the processes very well. A special thank you therefore goes to the employees of all locations and departments who worked hand in hand and made this success possible through their joint, committed efforts."
__________________________________________________________________________________
Press contact: Julia Schreiber, Möller Horcher Kommunikation GmbH, julia.schreiber@moeller-horcher.de, +49 3731 2070915
About Thinkproject
By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem. With 650+ employees, Thinkproject offers digital solutions in 60 countries worldwide that cover the entire lifecycle of a construction project. Thinkproject supports more than 750,000 users in 75,000 projects at more than 3,250 customers.
For more information, please visit www.thinkproject.com