ISO 27001 & Cloud PLM: reliably protecting product data

Why certification should be considered when choosing a system

A PLM system stores a wide range of sensitive product data — from the first sketch to the finished product. What happens if this data falls into the wrong hands? Or if third parties manipulate the information?

Companies can avoid such risks by using Cloud PLM software that is certified according to ISO 27001. The certification follows globally recognized standards that ensure information security at all times.

In this blog post, you’ll learn why ISO 27001 certification is an important criterion when selecting a cloud-based PLM system. You’ll also get an insight into the processes and methods certified providers use to protect your data.

What is ISO 27001 Certification?

ISO/IEC 27001 is an international standard that defines the requirements for an Information Security Management System (ISMS). An ISMS includes policies, procedures, and technical measures that systematically protect information within an organization.

The ISMS defines three security objectives:

• Confidentiality: Only authorized persons are allowed to access sensitive information. Measures like encryption, access control lists, and file permissions ensure confidentiality.

• Integrity: Only authorized persons can modify data. It must be ensured that unauthorized changes can be undone.

• Availability: Information must always be accessible to authorized users. Risks like power or network outages are taken into account.

Independent certification bodies carry out the ISO 27001 certification. Key requirements include:

• Risk assessment and management: Identification of potential threats and vulnerabilities.

• Security Policies: Establishing clear guidelines for handling information.

• Training: Raising awareness among employees about information security.

• Continuous improvement: Regular reviews and optimization of security measures.

Advantages of ISO 27001 Certification for Cloud Providers

1. Trustworthiness and Transparency

ISO 27001 certification shows that the cloud provider follows high security standards, handles data with maximum care, and proactively addresses potential risks.

2. Risk Minimization

Companies that store sensitive data in the cloud need adequate protection against cyberattacks, data loss, and unauthorized access. ISO 27001 certification proves that the provider has implemented effective protective measures.

3. Compliance and Legal Requirements

Since certified cloud providers already meet crucial security standards, it’s easier for customers to comply with data protection and security regulations such as the EU General Data Protection Regulation (GDPR).

4. Efficient Risk Management

ISO 27001 provides structured risk management processes. They help systematically identify, minimize, and address vulnerabilities early and reliably.

Conclusion

Cyberattacks caused economic damage of 266 billion euros in Germany alone in 2024. When selecting software such as Cloud PLM, IT security should be one of the key criteria. ISO 27001 certification signals to companies that their data is comprehensively protected. It follows reliable security standards and facilitates compliance with legal requirements.

The development and operation of cloud products based on CONTACT Elements meet the strict requirements of the ISO 27001 standard. This certification confirms that CIM Database Cloud meets the highest security standards and ensures effective management of information security risks.

Shh, don’t talk out loud about PLM!

Phew, as a PLM fan you had to take a deep breath last week: two well-known bloggers gave PLM the thumbs-down in their headlines, Joe Barkai with “Why I Don’t Do PLM” and Oleg Shilovitsky with “Are PLM conferences dead?”

Curiously, both pull on the opposite ends of the rope. For Barkai, the classic view of PLM as a “single version of the truth” falls short, while Shilovitsky conjures up the basics behind the PLM idea.

Barkai: “I find it fascinating that traditional PLM software vendors are not realizing how the Internet of Things and the connected enterprise are breathing a new life into the PLM space that does not quite know how to reinvent itself. After decades of using enterprise PLM software, it is still common to hear at a PLM conference a speaker announcing, ‘Let me give you my definition of PLM.’ Or those never-ending debates about eBOMs and mBOMs and where PDM ends and PLM begins.”

Shilovitsky: “I know many people struggling with their PLM decisions and fighting alone to balance tools, budgets, organizational and cultural changes and timelines. Companies are struggling with very basic things – Part Numbers, Change Management, Revisions, and others. To discuss the real problems can be an opportunity. This is the foundation – the story. This is a single unit… If a single unit doesn’t sell, making it broader or scaling it up won’t solve the problem.”

To be honest, depending on which colleagues I talk to in our company, it could turn out similar. But there is one thing we are all pretty sure about: Writing PLM in bold on an invitation or an advertisement takes some courage these days.

So are the best times of PLM over?

Companies survive in the market because they listen to their customers and adapt their offer to new requirements and possibilities in good time! Yes, the basics are still the low-hanging fruit, and the pioneers are taking care of the more demanding potential in the product lifecycle, where the integration of disciplines, tools and processes is at stake. Some PLM providers, for example, are using their experience and their current portfolio around the virtual product to expand their offering towards the Internet of Things and the digital twin.

This highlights the dilemma: PLM, unlike ERP or financial accounting, has never sold itself. Its sponsors have always had to make a particularly convincing case for the PLM idea.

And this has often not been successful, as my colleague Rolf Stübbe puts it in a nutshell in his blog post “20 years of PLM: Why do many still doubt the benefits”: “Despite the renewed increase in attention for PLM, I notice that the term still has a large, cumbersome, tedious and uneconomical flavour. Supposed lighthouse projects such as the almost endless Teamcenter introduction at VW and Dassault’s licensing policy, which was one of the reasons for the Code of PLM Openness Initiative, are representative of the many pinpricks that have tarnished the reputation of PLM over time.”

Conclusion

It’s like Monty Python in the Fawlty Towers episode of “The Germans”: “Don’t mention the war!” PLM: Everyone thinks about it, but everyone tries to avoid the term. 

Yet times have never been better for the PLM idea than today. The pressure on companies to take advantage of the opportunities offered by the digital transformation is high and continues to rise. But storytelling must get better. The old stories and complicated definitions are certainly no longer suitable, and the PLM concept as an advertising medium is only of limited use. Storytelling and project marketing belong together right from the start. It starts with the goals. Here I agree with Oleg Shilovitsky: we shouldn’t throw out the baby with the bathwater. Crude promises and obscure visions that are doomed to failure do not help; on the contrary. It is better to package the low-hanging fruit attractively, give the project a meaningful name and do everything possible to ensure that the initial, manageable goals are achieved.

PLM fauxpenness has no future

I owe PLM blogger Oleg Shilovitsky, who in turn refers to a post by Monica Schnitger, the discovery of a wonderful term that was originally coined in the open source community: fauxpenness. It describes software that claims to be open (source) but is not really. The term transfers splendidly to the PLM vendors and their products, which, despite all the lip service and the signing of the Code of PLM Openness (CPO), are still nowhere near as open as they would need to be to meet growing customer requirements for interoperability.