Pfeiffer Vacuum GmbH is a leading global manufacturer of vacuum solutions for industry, research and development. The company offers a broad portfolio of products and services that meet the highest standards of quality and performance. To ensure these standards, Pfeiffer Vacuum must also identify, assess and manage the risks in its own business operations.
The demands on risk management have increased in recent years, particularly due to the introduction of the new audit standard IDW PS 340, which regulates the audit of companies’ risk early warning systems. This standard requires companies to set up and operate an appropriate and effective risk early warning system that records all significant risks that could endanger the continuation of the company’s activities.
To meet these requirements, Pfeiffer Vacuum decided to implement the CRISAM® software. The CRISAM® GRC platform is an integrated solution for governance, risk and compliance management developed by CALPANA. The software supports Pfeiffer Vacuum in systematically recording, analysing and controlling risks throughout the company. Both qualitative and quantitative methods are used to evaluate and prioritise risks. The software also enables the creation of reports and dashboards that provide a transparent overview of the risk situation.
The introduction of CRISAM® GRC has brought Pfeiffer Vacuum numerous advantages. On the one hand, the company has adapted its risk early warning system to the current standard and thus increased its audit security. On the other hand, the company has strengthened its risk culture and initiated a continuous improvement of risk management. In addition, the company has increased its efficiency by avoiding redundant processes and exploiting synergies.
The case study shows how Pfeiffer Vacuum has introduced CRISAM® GRC, a modern and powerful risk management software that meets the requirements of IDW PS 340 nF and gives the company a competitive advantage.
In addition to the CRISAM® GRC risk management module, Pfeiffer Vacuum has also implemented an information security management system (ISMS) to ensure the security of its data and systems. The CRISAM® ISMS module is a systematic approach to managing information based on international standards. An ISMS includes both technical and organizational measures to protect the confidentiality, integrity and availability of information.
Implementing an ISMS was important for Pfeiffer Vacuum for several reasons. On the one hand, the company needed to meet the increasing demands of its customers and partners, who expect a high level of security for their data. On the other hand, the company needed to protect itself from the growing threats from cyberspace that could jeopardize its business continuity. Finally, the company also had to ensure its compliance with applicable laws and regulations, such as the General Data Protection Regulation (GDPR).
To successfully implement an ISMS, Pfeiffer Vacuum took several steps. First, the company took stock of its existing security measures and performed a gap analysis to identify where they fell short. The company then conducted a risk analysis to identify the most critical threats and vulnerabilities. Based on this analysis, the company developed a security strategy and set corresponding goals. The company then created and implemented an action plan to take the necessary measures. These included, for example, defining security policies and processes, training employees, installing security technologies, and conducting audits. Finally, the company continuously monitored and regularly reviewed its ISMS to measure effectiveness and identify opportunities for improvement.
The case study shows how Pfeiffer Vacuum has used an ISMS to achieve a high level of information security that meets its business needs and gives it a competitive advantage.
Would you also like to combine both management disciplines (risk management & ISMS) on one platform?
Talk to our CRISAM® experts Tim-Benjamin Bohmfalk and Andreas Schmitz (Managing Director CALPANA Deutschland GmbH) and book a free webinar on risk management or ISMS.