cbtl_logo

How CBTL built their ISMS and got a certification on TISAX® with DataGuard

“When customers first started asking us about TISAX® we decided to schedule an assessment. It was clear to us that proven data privacy compliance and strong information security would be a real competitive advantage for our organization.”

cbtl_christoph_herold

Christoph Herold

Chief Development Officer

CBTL

In many organizations, online courses, customer webinars and virtual product training are now part of everyday life in the Learning & Development or Human Resources departments. After all, the origins of this innovative and interactive method of knowledge transfer date back to the year 2000. Founded in 1999, Munich-based Computer Based Training and Learning GmbH (CBTL) is one of the pioneers of e-learning and a leading provider in this market with its EVOLUTION³ production platform for learning content.

Location

Germany

Company size

Small & medium business

Industry

Tech

Product

Security

How CBTL built their ISMS and got the certification on TISAX® with DataGuard

CBTL and the EVOLUTION³ authoring tool were initially certified to TISAX® version 4.1. At the beginning of 2024, the company carried out the required recertification to TISAX® version 5.1 and, with the expertise and advice of DataGuard, successfully achieved the highest security level of certification.

As a highly innovative company, CBTL has long been aware that information security is a top priority. It‘s one of the company's central unique selling points and the software made in Germany is the preferred solution for the company’s partners with strict security requirements. For this reason, both CBTL itself and the flagship product EVOLUTION³ are the only authoring tools on the market to be TISAX®-certified. This double certification covers information security, data protection and company processes, as well as product integrity with fully secured programming processes.

Why CBTL needed TISAX®

As a platform for digital and interactive learning, the software handles a large amount of sensitive information that demands special protection. This applies both to the learning content, the behavior of the learners and their journey through the learning path. Protecting this data is a must for preserving the integrity of the learning program. CBTL recognizes its responsibility and places data security and integrity at the central focus.

Some of CBTL's long-term customers are large German automotive companies that require their suppliers to be TISAX® certified.

“The requirements with regard to data privacy and information security recently increased massively with our automotive customers, similarly to our industrial customers from other industries.”

The certification enables CBTL to demonstrate its commitment to information security and win new customers in other industries. This is because the TISAX security standard is now recognized by many companies and helps with many security issues.

Making information security assessments easier

Tackling an information security assessment can be challenging without the appropriate knowledge and experience. The process of conducting two parallel certifications for the company CBTL and the authoring tool EVOLUTION³, is greatly simplified with the right support. DataGuard provided CBTL with the necessary assessment advice and helped develop an efficient routine successfully maintained during recertification.

The highest level of certification for the highest level of security

CBTL achieved level 3, the highest level assessment on TISAX® certification in the area of information security and data protection. This means that CBTL and the authoring tool not only meet but exceed the requirements, ensuring the security of processes and the integrity of data. Customers and partners can rest assured that all information is handled with care and diligence, demonstrating CBTL's strong commitment to security.

 

How CBTL set up a routine for information security with DataGuard

  • Quarterly internal audits: DataGuard’s consultants ran quarterly audits, focusing on a specific portion of controls as per the requirements for the assessment on TISAX® each time. Action plans based on the findings were reviewed by CBTL's internal security council.
  • Addressing customer requirements: Some customers had their own security questionnaires during onboarding. DataGuard’s experts helped CBTL navigate these questionnaires by linking them to relevant controls as per the requirements for the assessment on TISAX®.
  • Implementing and maintaining controls: DataGuard's expertise aided CBTL in establishing and maintaining a robust ISMS that meets the requirements for the assessment on TISAX®.
  • Audit support: DataGuard’s experts provided valuable guidance and support throughout the audit process.
  • Enabling a smooth transition: DataGuard's expertise helped CBTL transition to the TISAX 5.1 standard and successfully pass the audit.

CBTL values DataGuard's blend of tech and human expertise

  • Long-standing relationship and trust: The established relationship between CBTL and DataGuard fosters open communication and reliable support.
  • Quality consulting: DataGuard’s consultants consistently deliver valuable expertise.
  • Overcoming challenges: During the audit for certification on TISAX®, a DataGuard consultant's professional approach played a key role in achieving a successful outcome.

Beyond certifications: CBTL sees security as an ongoing strategy

CBTL is continuously working to improve information security and is already preparing for the next cross-industry certification. Security is not a one-off for CBTL, it’ is a core promise to customers, especially with the new version of TISAX®, and CBTL always strives to always be one step ahead. For CBTL, security means having the right policies, processes and measures in place and ensuring that these are part of daily operations. DataGuard helps by offering consulting and regular check-ins to support the implementation of the new standards, processes, and policies.