IT risk

At Volkswagen, a global company geared towards further growth, the information technology (IT) used in all divisions Group-wide is assuming an increasingly important role. IT risks exist in relation to the three protection goals of confidentiality, integrity and availability, and comprise in particular unauthorized access to, modification of and extraction of sensitive electronic corporate data as well as limited systems availability as a consequence of downtime and disasters.

We address the risk of unauthorized access to, modification of, or extraction of corporate data with IT security technologies (e.g. firewall and intrusion prevention systems) and a multiple-authentication procedure. Additionally, we increase protection by restricting the allocation of access rights to systems and information and by keeping backup copies of critical data resources. We use technical resources that have been tried and tested in the market, adhering to standards applicable throughout the Company. Redundant IT infrastructures protect us against risks that occur in the event of a systems failure or natural or other disaster.

One of our focuses is on continuously enhancing our security measures. The current IT security program, for example, is built on structured rights management, optimization of IT infrastructure, application security and the IT security command center. The role of the latter is to detect cyber-attacks at an early stage and thus help to successfully defeat them using the latest tools. The command center is staffed around the clock in three regions (Europe, America, Asia). Volkswagen complements these technical measures with consistent awareness raising and training for all employees.

The high standards we set for the quality of our products also apply to the way in which we handle our customers’ and employees’ data. In particular, the digital services for mobility services must be secured. Our guiding principles are data security, transparency and informational self-determination.