Information Security: Reporting Security Incidents

The integrity of our business processes and the protection of information—particularly prototypes and confidential customer data—are core elements of our corporate culture. To maintain our high level of security in accordance with the TISAX standard, we rely on the active cooperation of our employees, partners, and service providers.

What is an information security incident?

A security incident is an event that compromises or has already compromised the confidentiality, availability, or integrity of information and systems.

As part of our TISAX certification process, we distinguish between:

  • Breach of confidentiality: Unauthorized access to project data, theft of prototypes, or theft of login credentials.
  • Breach of integrity: Unauthorized manipulation of data, software, or hardware components.
  • Availability constraints: System outages caused by ransomware, denial-of-service attacks, or physical destruction of infrastructure.
  • Policy violations: Misconduct by individuals that poses a security risk (e.g., failure to comply with the clean desk policy or bringing cameras into restricted areas).

Guidelines for Whistleblowers: How to Proceed

If you discover an irregularity or have a specific suspicion, please remain calm and follow these steps:

  1. Document, don't manipulate: Make a note of the times, error messages, or any suspicious observations. Do not change any settings on the affected system, and do not attempt to “test” the incident on your own.
  2. Immediate reporting: Time is of the essence. Report the incident immediately through the channels listed below.
  3. Maintain confidentiality: Do not inform any uninvolved third parties about the incident, so as not to jeopardize the ongoing investigation and any evidence preservation efforts.

Central Contact Points for Incident Reporting

Please use the following contact point as your preferred method for reporting incidents.

Incident-Team
E-Mail: incident(at)strojmetal.com

Data Protection Officer
E-Mail: dsb(at)reichert-reichert.de

Information required for your report

To ensure prompt processing, your message should include the following information (if available):

  • Who is reporting the incident? 
    (Name and phone number for follow-up questions)
  • What happened? 
    (Brief description of the incident)
  • When was the incident discovered and when did it begin?
  • What data or systems are affected? (e.g., project name, server name, location/building)
  • How serious do you consider this incident to be? (Risk to ongoing operations or loss of prototype protection data?)