Information security commitment

CCL is proud to be valued by its customers and suppliers as an innovative, dynamic and reliable partner. The trust placed in us is both an incentive and an obligation for us. Information security makes our business possible by allowing us to enter into successful business relationships, penetrate new markets and take advantage of opportunities that would otherwise be considered too risky. By minimizing financial losses from security incidents, information security management contributes positively to the bottom line. This reinforces our reputation as a trustworthy, open, honest and ethical company.

Reliable, secure data processing is an absolute necessity for the smooth running of a business. Inadequate protection of data and information, whether written, spoken or digital, is an underestimated risk factor that can threaten the existence of the company.

The management is committed to this guideline, to compliance with the protection goals and to information security management as a whole, and provides the appropriate human, organizational and financial resources to operate and improve the ISMS in the company effectively and appropriately.

The management supports and is committed to information security through the organization-wide publication, enforcement and maintenance of this and other ISMS guidelines as well as in the control and further development of the ISMS, using all the required resources to achieve the organizational and technical measures and objectives.

All CCL employees must be committed to maintaining data privacy and information security in compliance with this policy, as our customers expect confidentiality, integrity and availability to be protected and violations can cause significant harm to our customers and us.

Personal data may only be processed with the consent of the data subject, provided that there is a defined purpose for this and there is no breach of legal requirements.

It is therefore the responsibility of all employees to avoid violations of the above-mentioned normative and legal requirements and to report any hazards or violations immediately. Appropriate reporting and escalation channels have been defined for this purpose.

Violations of the requirements will be prosecuted and punished accordingly.

Explanation:
  • Our information security management system (ISMS) has been assessed by TÜV Rheinland in accordance with VDA-ISA (TISAX®) and is reviewed annually as part of the internal audit.
  • Audit results are documented, analyzed and evaluated, and measures are derived if necessary. The P-D-C-A cycle (continuous improvement process) is an integral part of the ISMS.
  • CCL has a risk management system with documented process descriptions and averting procedures. Risk management is carried out regularly on the basis of ISO 27005 and analyzed annually with the management.
  • Business continuity management is based on ISO 22301 and is a component of the ISMS.
  • Our employees are instructed and trained at least once a year. The information security guidelines are accessible to every employee and are mandatory.
  • Our suppliers are informed about the high importance of information security. CCL reserves the right to audit on the basis of the supplier self-disclosure.
  • To avoid conflicts of interest, data privacy and information security are separate roles, tasks and responsibilities.
  • The information security officer reports directly to the management. He is the central and responsible contact person for the workforce and third-party inquiries.

 

If you have any questions, please do not hesitate to contact the Information Security Officer at the e-mail address infosec.solingen(at)cclind.com.