Data Security and ISMS: risk2value at Wienerberger AG

This is an insight into the exciting podcast episode with Christoph Schacher, Information Security Manager at Wienerberger AG. The conversation partner was Claudia Howe, GRC Competence Lead at avedos (now GBTEC).

Christoph Schacher serves as Information Security Manager at Wienerberger AG, where he is responsible for global information security and data protection. Wienerberger is the world’s leading brick manufacturer. The company based in Austria offers a vast range of products and services including energy-efficient homes, secure sewer systems as well as solutions for patios and outdoor surfaces. Creating digital solutions to meet tomorrow’s demands – for example, planning or design aids for end users or B2B clients – is a prime focus.

Wienerberger has been a client of avedos since the fall of 2017. Although it had originally intended to implement an information security management system, fulfilling GDPR soon emerged as the higher priority. The company, which employs over 16,000 people, generates 3 billion euros in revenues worldwide. Its presence extends acrossin 30 countries in Europe and North America. The company operates over 200 plants in the relative vicinity of its sales markets, where sometimes several parent companies operate as well.

avedos GRC GmbH · avedos GRC Podcast - Folge 3 | Datenschutz und ISMS: risk2value bei der Wienerberger AG

Maturity model

In order to run compliance checks with the data protection regulations, the company developed a maturity level model with one- to five-star ratings similar to Amazon evaluations. Its objective was to achieve a certain number of evaluations in the individual dimensions (i.e. organization, processes, processing directory, deletion). Since Excel sheets or questionnaires could not deliver a structured overview, they were not feasible options for a global company of this size.

The company needed to create an overview that covered all key requirements in a very short time. At this time, T-Systems suggested taking a closer look at risk2value (now BIC GRC Solutions). Wienerberger made a prompt decision to implement risk2value and quickly achieved initial wins as well as complete results worldwide.

The time frame between determining the necessity for data protection management to selecting risk2value was approximately one month. Thanks to the strong support from avedos and its wide selection of standardized content, Wienerberger was able to go live with its first questionnaires in a matter of weeks.

As part of its data protection management, Wienerberger has been able to map questionnaires that determine the maturity level and maintain its complete processing directory in risk2value. Its approach has two levels: data processing and the documentation of applications (e.g. IT applications).

Data processing for applicant management, for example, must provide responses to individuals outside of the company. Oftentimes, there are offline printouts or Excel sheets containing lists of rankings. The subsidiaries were given the task to input their IT systems and offline attachments so that they are accessible if needed. Mapping questionnaires was another important task. The subsidiaries then checked them to ensure that responsibilities were clarified, processes were implemented, and employees were trained. The maturity level, which is divided into several dimensions, was derived from this information. Thanks to the solution, Wienerberger has gained a central overview of its data protection management as well as the ability to break it down by region or product segments.

The avedos GRC podcast series was launched in February 2019 to explore the topics of integrated GRC, enterprise risk management, internal control systems and information security management. Five episodes are currently available and can be streamed through leading platforms including Soundcloud, Spotifiy and Apple Podcast.

Value-based governance, risk and compliance management for your company's success

A professional GRC strategy builds the foundation for successful business management. BIC supports you with a unique combination of the latest technology, an intuitive user interface and fast implementation. That makes working with the BIC GRC Solutions so easy - in all GRC areas.

Expert information

Integrated GRC

The consolidation of the governance, risk and compliance areas provides decisive competitive advantages.

Product information

BIC Enterprise Risk

Build a foundation for a successful governance, risk and compliance strategy and cover all regulatory requirements.

Success Story

Deutscher Sparkassenverlag

The DSV Group relies on the integrated software platform BIC to dovetail the disciplines of Information Security, Risk Management and Control Management.

Product information

BIC Information Security

Protect your information and benefit from a standards-compliant ISMS with state-of-the-art technology.

Further resources on BIC GRC Solutions

Do you have any questions?

Do you have any questions about our products or services?
Our experts will gladly assist you and look forward to your request.

grc@gbtec.com +43 1 3670876 -0 Contact form

Expand your knowledge with our e-learnings on BPM & GRC.

To the GBTEC Learning Hub