#Investors
#Technology

17.10.2018

TÜV Hessen certifies information security at Helaba

Helaba awarded ISO 27001 certification in cash management

TÜV Hessen certifies information security at Helaba
Helaba has been awarded ISO 27001 certification by TÜV Hessen for cash management activities at its Offenbach, Dusseldorf, Erfurt and Berlin offices. Erwin Blumenauer, Managing Director of TÜV Hessen, presented the certificate in the MAIN TOWER to Markus Jörg, Head of Cash Management and Christoph Bernius, CISO and Head of Information Security Management at Helaba.

„We are delighted to be able to present Helaba with this certification. This makes it the first Landesbank in Germany to have certified information security and demonstrates how much the importance of digital security has increased in recent years.“

Erwin Blumenaber
Director of  TÜV Hessen

With its ISO 27001 certification, TÜV Hessen certifies that Helaba's Information Security Management System (ISMS) meets the most stringent requirements and confirms that data is handled securely and confidentially. “We are delighted to be able to present Helaba with this certification,” says Erwin Blumenauer. “This makes it the first Landesbank in Germany to have certified information security and demonstrates how much the importance of digital security has increased in recent years. Therefore, in addition to our classic services, TÜV Hessen offers a range of solutions in the field of cyber and information security, which we bundle in a separate business unit - such as data protection checks or continuous cyber-attack monitoring on a platform basis.”

In addition, the certification supports the bank in fulfilling the statutory provisions of the Minimum Requirements for Risk Management (MaRisk). “MaRisk implicitly requires every credit institution to implement effective ISMS and ISO 27001 is the standard which these regulations refer to. With this certification, we are even going one step further than required by supervisory authorities,” explains Markus Jörg.

Christoph Bernius adds: “Furthermore, the systems of the Cash Management unit with their high volume of transactions are subject to the provisions of the IT Security Act. Helaba must therefore demonstrate every two years that it is adequately implementing state-of-the-art technology to protect the systems concerned. For this reason, Helaba decided back in 2016 to bring its ISMS into line with ISO 27001.”

As part of the certification process, the ISMS was subjected to various tests by auditors from TÜV Hessen: From the awareness and competence of employees and management to physical and environmental security such as data centre protection and supplier management. “With the successfully completed certification, Helaba is the first credit institution to provide documented proof that the requirements for information security in cash management have been met at its Offenbach, Dusseldorf, Erfurt and Berlin offices and that measures to protect information have been implemented throughout the organisation,” confirms Elmar Stark, Head of the Information Security Team at TÜV Hessen.


Ursula-Brita Krück
Deputy Press Officer

We, the Landesbank Hessen-Thüringen Girozentrale (Helaba), use cookies that are absolutely necessary to provide you with our website. No additional cookies will be set for the duration of your visit to this website if you close the banner by clicking on "Decline". If you give your consent, we will use additional cookies to process information about your use of our website for the purposes of statistics (such as measuring reach) and marketing (such as displaying personalized content).

Your consent is voluntary and not necessary for the use of the website. By clicking on "Settings", you can individually determine in detail which cookies we may use based on your consent.

You can also consent to all additional cookies at the same time by clicking on "Accept".

You can revoke your consent at any time via the "shield icon" in the toolbar on each page or change your cookie settings there.

Cookies

When you visit our website, Helaba makes use of required and optional cookies. Cookies are small text files that are stored on your computer and saved by your browser. Their purpose is to make our range of services more user-friendly, for example so that you do not have to re-confirm an automatically generated disclaimer more than once. Cookies that we use are so-called “session cookies” because they are automatically reset at the end of your visit to our website.

Further information on the use of cookies on helaba.com can be found at Data protection.

cookie [publisher]purposestorage period / Follow-up processingthird country transfer
disclaimer_disclosureRequirements [helaba]necessary: Verification when accessing certain (sub) areas of the websitesessionno
disclaimer_residenceGermany [helaba]necessary: Verification when accessing certain (sub) areas of the websitesessionno
hideCookieNotice [helaba]necessary: Saves that the cookie or data protection notice will not be requested every time you visit.30 daysno
WSESSIONID [helaba]necessary: Standard cookie to use with PHP session data.sessionno

The sole purpose of using analytical services on our website is to optimise the online information we provide. Data collected in this way, such as IP address, date or time of the request, contents of the page accessed or the browser used do not enable any users to be directly identified. Analysis by Helaba of a user’s data is not intended to identify any individuals or conduct any profiling, in order to, for instance, send online advertising to visitors of our website.

You  find more information on statistics cookies here: Data protection

cookie [publisher]purposestorage period / Follow-up processingthird country transfer
_et_coid [etracker]statistic: cookie detection2 years / Evaluation to improve the user experience of our websiteno
allowLoadExternRessources [helaba]statistic: Saves the user decision that external components may be loaded automatically.30 days / Evaluation to improve the user experience of our websiteno
allowTracking [helaba]statistic: Saves the user decision that visitor behavior may be tracked.30 days / Evaluation to improve the user experience of our websiteno
BT_ctst [etracker]statistic: Is used to detect whether cookies are activated in the visitor's browser or not.session / Evaluation to improve the user experience of our websiteno
BT_pdc [etracker]statistic: Contains Base64-coded visitor history data (is customer, newsletter recipient, visitor ID, displayed smart messages) for personalization.2 years / Evaluation to improve the user experience of our websiteno
BT_sdc [etracker]statistic: Contains Base64-encoded data of the current visitor session (referrer, number of pages, number of seconds since the beginning of the session), which is used for personalization purposes.session / Evaluation to improve the user experience of our websiteno
isSdEnabled [etracker]statistic: Detection of whether the visitor's scroll depth is measured.1 hour / Evaluation to improve the user experience of our websiteno

On our website, we use a so-called re-targeting technology provided by The UK Trade Desk Ltd., 10th Floor, 1 Bartholomew Close, London EC1A 7BL, United Kingdom. With this technology, cookies (so-called third-party cookies) are stored on your hard drive when you visit our website. These cookies are either permanent or temporary cookies that are automatically deleted after a certain period of time has elapsed.

You find more information on marketing cookies here: Data protection

cookie [publisher]purposestorage period / Follow-up processingthird country transfer
EDAAT [.adsrvr.org]Marketing: Stores a temporary security token for EDAA sign-out pages such as http://www. youronlinechoices. com/1 hour / evaluation for the playout of banners for marketing purposesyes / United Kingdom
TDCPM [.adsrvr.org]Marketing: Matching IDs to avoid redundant calls.365 days / evaluation for the playout of banners for marketing purposesyes/ United Kingdom
TDID [.adsrvr.org]Marketing: recognition of web profiles over time on different websites.365 days / evaluation for the playout of banners for marketing purposesyes / United Kingdom
TTDOptOut [.adsrvr.org]Marketing: Stores the decision to opt out of re-targeting.5 years / evaluation for the playout of banners for marketing purposesyes / United Kingdom
TTDOptOutOfDataSale [.adsrvr.org]Marketing: Stores the decision against selling data to third parties.5 years / evaluation for the playout of banners for marketing purposesyes / United Kingdom
No choice made so far
Partial selection made
Agreed to all cookies