ISO 27001 & Cloud PLM: reliably protecting product data

Why certification should be considered when choosing a system

A PLM system stores a wide range of sensitive product data — from the first sketch to the finished product. What happens if this data falls into the wrong hands? Or if third parties manipulate the information?

Companies can avoid such risks by using Cloud PLM software that is certified according to ISO 27001. The certification follows globally recognized standards that ensure information security at all times.

In this blog post, you’ll learn why ISO 27001 certification is an important criterion when selecting a cloud-based PLM system. You’ll also get an insight into the processes and methods certified providers use to protect your data.

What is ISO 27001 Certification?

ISO/IEC 27001 is an international standard that defines the requirements for an Information Security Management System (ISMS). An ISMS includes policies, procedures, and technical measures that systematically protect information within an organization.

The ISMS defines three security objectives:

• Confidentiality: Only authorized persons are allowed to access sensitive information. Measures like encryption, access control lists, and file permissions ensure confidentiality.

• Integrity: Only authorized persons can modify data. It must be ensured that unauthorized changes can be undone.

• Availability: Information must always be accessible to authorized users. Risks like power or network outages are taken into account.

Independent certification bodies carry out the ISO 27001 certification. Key requirements include:

• Risk assessment and management: Identification of potential threats and vulnerabilities.

• Security Policies: Establishing clear guidelines for handling information.

• Training: Raising awareness among employees about information security.

• Continuous improvement: Regular reviews and optimization of security measures.

Advantages of ISO 27001 Certification for Cloud Providers

1. Trustworthiness and Transparency

ISO 27001 certification shows that the cloud provider follows high security standards, handles data with maximum care, and proactively addresses potential risks.

2. Risk Minimization

Companies that store sensitive data in the cloud need adequate protection against cyberattacks, data loss, and unauthorized access. ISO 27001 certification proves that the provider has implemented effective protective measures.

3. Compliance and Legal Requirements

Since certified cloud providers already meet crucial security standards, it’s easier for customers to comply with data protection and security regulations such as the EU General Data Protection Regulation (GDPR).

4. Efficient Risk Management

ISO 27001 provides structured risk management processes. They help systematically identify, minimize, and address vulnerabilities early and reliably.

Conclusion

Cyberattacks caused economic damage of 266 billion euros in Germany alone in 2024. When selecting software such as Cloud PLM, IT security should be one of the key criteria. ISO 27001 certification signals to companies that their data is comprehensively protected. It follows reliable security standards and facilitates compliance with legal requirements.

The development and operation of cloud products based on CONTACT Elements meet the strict requirements of the ISO 27001 standard. This certification confirms that CIM Database Cloud meets the highest security standards and ensures effective management of information security risks.

Using SCIM in Cloud PLM Systems

Efficient User and Access Management in Product Lifecycle Management

As companies grow, drive innovation, and navigate staff changes, the number of user accounts naturally increases. Every tool, whether for customer management or team collaboration, requires its own user account. This poses a significant challenge for the IT department, as every request, such as adding new users or modifying permissions, consumes valuable resources. SCIM (System for Cross-Domain Identity Management) minimizes this effort efficiently, securely, and in a user-friendly way.
In this article, learn how SCIM facilitates the entire process of managing user data in Cloud PLM systems through automated identity lifecycle management.

What is SCIM?

SCIM is an open standard designed to facilitate the exchange and synchronization of user data and permissions across different applications and systems. It was developed to minimize administrative effort in managing user data while enhancing security.
SCIM allows organizations to manage user accounts centrally. Related information is automatically transferred to other applications, such as Cloud PLM systems.

Why is SCIM important for Cloud PLM Solutions?

Without an automated solution like SCIM, companies face two challenges when managing user data and access rights in Cloud PLM systems:
• High manual effort: Users must be created, updated, or deleted individually across multiple systems.
• Security risks: Outdated user accounts in PLM systems can create security vulnerabilities.
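
The reconciliation that SCIM automates can be sketched as follows. This is an added example, not code from CONTACT or CIM Database Cloud: it compares a central directory with the accounts held by an application and builds the SCIM 2.0 requests (RFC 7644) that deactivate outdated accounts and create missing ones. The user names, ids, and the relative `/Users` paths are constructed assumptions.

```python
import json

# SCIM 2.0 schema URNs (RFC 7643 / RFC 7644).
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data. IDP is the central directory (source of truth),
# APP is what the PLM application currently holds. All names are made up.
IDP = {"a.meyer": {"active": True},
       "b.schulz": {"active": False},   # disabled centrally
       "d.new": {"active": True}}       # joiner, not yet provisioned
APP = {"a.meyer": {"id": "101", "active": True},
       "b.schulz": {"id": "102", "active": True},   # outdated: still enabled
       "c.left": {"id": "103", "active": True}}     # outdated: gone from the IdP


def set_active(scim_id, active):
    """SCIM PATCH that sets the 'active' attribute of one account."""
    body = {"schemas": [PATCH_OP],
            "Operations": [{"op": "replace", "path": "active", "value": active}]}
    return ("PATCH", f"/Users/{scim_id}", body)


def plan_sync(idp, app):
    """Return the SCIM requests (method, path, body) that bring the
    application's accounts in line with the identity provider."""
    plan = []
    # Existing accounts: enabled only if the IdP knows the user as active.
    for name, acct in sorted(app.items()):
        wanted = name in idp and idp[name]["active"]
        if acct["active"] != wanted:
            plan.append(set_active(acct["id"], wanted))
    # Active IdP users without an application account get provisioned.
    for name in sorted(idp.keys() - app.keys()):
        if idp[name]["active"]:
            body = {"schemas": [USER], "userName": name, "active": True}
            plan.append(("POST", "/Users", body))
    return plan


if __name__ == "__main__":
    for method, path, body in plan_sync(IDP, APP):
        print(method, path, json.dumps(body))
```

Deactivating with `active: false` instead of deleting keeps the account's history in the application while blocking further sign-ins.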

What are the Benefits of using SCIM in Cloud PLM Systems?

SCIM significantly reduces the effort required to manage user accounts. It seamlessly connects identity management systems with enterprise applications, eliminating the need to develop and maintain custom integrations.
This relieves the IT department, and employees in other departments benefit from Single Sign-On (SSO). With a single login, they gain access to all necessary applications. This streamlines workflows and reduces password reset requests by up to 50%. By minimizing administrative tasks, more time is available for core tasks. Automated synchronization ensures that user data remains up-to-date and consistent across all systems.
Security also increases significantly in combination with Single Sign-On. Thanks to centralized SSO authentication based on OpenID Connect (OIDC), there’s no need to have a separate password for each account. This reduces security risks related to weak or reused passwords. Companies can enforce security policies more consistently and integrate new workflows or applications more easily. At the same time, they maintain full control over user accounts.

Can Companies use the SCIM Interface with CIM Database Cloud?

The SCIM interface is now available for CIM Database Cloud. It is part of the CIM Database Cloud infrastructure and does not incur additional licensing costs.

Conclusion

SCIM is a standard that automatically synchronizes user data and permissions across different systems. By integrating SCIM into Cloud PLM solutions, companies can streamline their processes, reduce security risks, and minimize administrative overhead.
Take advantage of the benefits of cloud-based PLM software now: CIM Database Cloud is the solution for end-to-end digital product development with an integrated SCIM interface.

Building a Semantic Search: Insights from the start of our journey

Research in the field of Artificial Intelligence (AI) is challenging but full of potential – especially for a new team. When CONTACT Research was formed in 2022, AI was designated as one of four central research areas right from the start. Initially, we concentrated on smaller projects, including traditional data analysis. However, with the growing popularity of ChatGPT, we shifted our attention to Large Language Models (LLMs) and took the opportunity to work with cutting-edge tools and technologies in this promising field. But as a research team, one critical question emerged: Where do we get started?

Here, we share some of our experiences which can serve as guidance to others embarking on their AI journey.

The beginning: Why similarity search became our starting point

From the outset, our goal was clear: we wanted more than just a research project; we aimed for a real use case that could ideally be integrated directly into our software. To get started quickly, we opted for small experiments and looked for a specific problem that we could solve step by step.

Our software stores vast amounts of data, from product information to project details. Powerful search capabilities make a decisive difference here. Our existing search function did not recognize synonyms or natural language, sometimes missing what users were really looking for. Together with valuable feedback, this quickly led to the conclusion that similarity search is an ideal starting point and should therefore be our first research topic. An LLM has the power to elevate our search functionality to a new level.

The right data makes the difference

Our vision was to make knowledge from various sources such as manuals, tutorials, and specifications easily accessible by asking a simple question. The first and most crucial step was to identify an appropriate data source: one large enough to provide meaningful results but not so extensive that resource constraints would impede progress. In addition, the dataset needed to be of high quality and easily available.

For the experiment, we chose the web-based documentation of our software. It contains no confidential information and is accessible to customers and partners. Initial experiments with this dataset quickly delivered promising results, so we intensified the development of a semantic search application.

What is semantic search?

In short, unlike the classic keyword search, semantic search also recognizes related terms and expands queries to include contextually related results, even if these are phrased differently. How does this work? In our first step with semantic indexing, the LLM converts the content of source texts into vectors and saves them in a database. Search queries are similarly transformed into vectors, which are then compared to stored vectors using a “nearest neighbor” search. The LLM returns the results as a sorted list with links to the documentation.

Plan your infrastructure carefully!

Implementing our project required numerous technical and strategic decisions. For the pipeline that processes the data, LangChain best met our requirements. The hardware also poses challenges: for text volumes of this scale, laptops are insufficient, so servers or cloud infrastructure are required. A well-structured database is another critical factor for successful implementation.

Success through teamwork: Focusing on data, scope, and vision

Success in AI projects depends on more than just technology; it is also about the team. Essential roles include Data Engineers who bridge technical expertise and strategic goals, Data Scientists who analyze large amounts of data, and AI Architects who define the vision for AI usage and coordinate the team. While AI tools supported us with “simple” routine tasks and creative impulses, they could not replace the constructive exchange and close collaboration within the team.

Gather feedback and improve

At the end of this first phase, we shared an internal beta version of the Semantic Search with our colleagues. This allowed us to gather valuable feedback in order to plan our next steps. The enthusiasm for further development is high, fueling our motivation to continue.

What’s next?

Our journey in AI research has only just begun, but we have already identified important milestones. Many exciting questions lie ahead: Which model will best suit our long-term needs? How do we make the results accessible to users?

Our team continues to grow – in expertise, members, and visions. Each milestone brings us closer to our goal: integrating the full potential of AI into our work.

For detailed insights into the founding of our AI team and on the Semantic Search, visit the CONTACT Research Blog.