Case study
Automotive
CUSTOMER
A LEADER IN THE EUROPEAN MARKET.
OUR CUSTOMER IS AN ESTABLISHED AUTOMOTIVE COMPANY WITH OVER 30 YEARS OF CONTINUOUS IMPROVEMENT, SPECIALISED IN DEVELOPMENT, MANUFACTURING, VALIDATION, AND MARKETING OF PREMIUM QUALITY ELECTRONIC CONNECTION SYSTEMS FOR THE AUTOMOTIVE INDUSTRY AND PROVIDING CUTTING-EDGE PRODUCTS TO MORE THAN 20 OF THE BIGGEST AUTOMOTIVE ORIGINAL EQUIPMENT AND AFTERMARKET BRANDS AROUND THE WORLD.
THE CHALLENGE
Our customer is certified to ISO/TS 16949, which has been one of the automotive industry’s most widely used international standards for quality management. In 2016 the International Automotive Task Force (IATF) published IATF 16949:2016, which supersedes and replaces the current ISO/TS 16949.
While our customer is working on the transition from the ISO/TS to the IATF standard, the number of supply-chain compliance requests is increasing steadily (a trend currently observed in all markets). For instance, our customer has been requested to be assessed according to the Information Security Assessment of the Verband der Automobilindustrie (VDA), a regulation which builds heavily on ISO 27001/27002. The customer is also obliged to comply with the EU General Data Protection Regulation (GDPR), and continues to be compliant with ISO 9001 while considering ISO 14001 certification.
THE SOLUTION
Controls are supported by “evidence” in the form of documents uploaded in the GRC-Boxx or links to other systems, registrations that need to be filled in, and procedures that have to be followed. The entire organisation can be involved in the process, as tasks can be assigned as necessary and are monitored by the GRC-Boxx, which sends reminders and triggers the appropriate escalations if necessary. Sustaining a high level of organisational involvement is necessary when becoming or staying compliant in regulated business environments.
- Single Sign-On (SSO) supporting a variety of means of authentication:
- Flexible, customisable procedures
- Full GDPR compliance, including a data-breach process
- Incident management
- Internal & external audit support
- Supply-chain compliance (sending requests, collecting responses)