New Rules to protect a connected world
Recently a substantial number of rules and regulations have been put into force to ensure cyber-secure processes and products.
To name a few, there are the General Data Protection Regulation (GDPR) to protect the processing of personal data, the Network and Information Security (NIS2) Directive, and the US NIST Cybersecurity Framework 2.0 (NCF 2.0). Most recently, we also have to add the EU Cyber Resilience Act (CRA), which intends to strengthen cybersecurity for products with digital elements such as software and network-connected hardware.
While processes need to be organized according to the standards of ISO/IEC 27001, most recently, customers are focusing on the cybersecurity of products according to the CRA. Ultimately, the CRA shall protect consumers, industries and infrastructure against all kinds of known cyber threats.
Accordingly, the main goal of the CRA is to ensure that product design and development will apply state-of-the-art cyber protections, as stipulated in the ISO/IEC 62443 standard. The deadline to comply with the CRA rules is December 11th, 2027.
What is Benning doing about it?
The availability, integrity (completeness and accuracy) and confidentiality of information are core pillars of information security and therefore a central element of Benning’s management and control processes.
The aim of Benning’s information security policy is to ensure appropriate and effective protection of potentially critical systems, products, applications and information through personnel, technical and organizational measures.
Currently, Benning is adjusting and substantially improving all processes, where needed, according to the standards of ISO/IEC 27001:2022, which reflects current legal and regulatory requirements in the field of information security. We have scheduled the certification audit to be completed by mid-2026.
We constantly improve our IT infrastructure to ensure high availability of electronically processed and stored data. To prevent unplanned disruptions, particularly those caused by third parties, the entire IT security architecture is being redesigned, spanning from the planning and procurement of software or hardware to their secure return and disposal. Our precautionary measures include, but are not limited to, security concepts and emergency measures (including product-specific cybersecurity responses).
We ensure through technical and organizational state-of-the-art measures that the information provided is neither intentionally nor unintentionally incorrect or manipulated. We understand that information must be complete and accurate with respect to the subject matter.
We continuously raise cyber awareness of our staff through training and professional development measures that prepare all employees for information and product security.
We restrict access to available information according to the task (“need-to-know” principle) in order to ensure the confidentiality of data. This applies especially to the protection of our essential know-how, as well as to the handling of customer and employee data, where compliance with the General Data Protection Regulation (GDPR) is particularly important.
We are further aligning our hardware and software development processes to reflect the "secure by design" and "secure by default" approaches as stipulated in the CRA, to harden our digital products against cyber threats throughout their lifecycle.
We already apply the standards of ISO/IEC 62443 in our recent development activities, and our goal is to be certified in early 2027, significantly ahead of the deadline of December 11th, 2027.
Despite all our efforts to enhance cybersecurity for our operations and products, we understand that security incidents cannot be ruled out completely. Hence, we offer reporting paths via our CISO and the Information Security Officer (itsecurity@benning.de), who supervise our corporate information security policy and efforts.

