Security

Interview: Heiko Winkler about Corporate Security

04.06.2014 - Zeiss is an international leader in optics and optoelectronics. In the financial year 2012/13, over 24,000 employees of the company achieved sales of approximately 4.2 billion euro...

Zeiss is an international leader in optics and optoelectronics. In the financial year 2012/13, over 24,000 employees of the company achieved sales of approximately 4.2 billion euros. The company develops and manufactures solutions for the semiconductor, automotive and mechanical engineering industries, biomedical research, medical technology as well as spectacle lenses, photographic and film camera lenses, binoculars and planetariums. Our scientific editor, Heiner Jerofsky, asks Heiko Winkler about his field of activity, his experience and thoughts on corporate security.

GIT SECURITY: The company has an outstanding global reputation. It stands for precision, technology and know-how Made in Germany. For three years you have been responsible for data and IT security, site and personnel security as well as crisis management at Carl Zeiss AG. Before that you spent many years in a similar post at MTU in a similar post. How do you organise your department and how should the reader see your work in a scientific environment?

Heiko Winkler: For a high-tech company such as Zeiss knowledge and expertise are especially valuable - i.e. particularly also the data produced, processed, transported and stored in our IT systems and networks. Our focus of work is therefore obviously in the area of data and IT security. That is where the potential and the probability of damage are highest. In addition, however, we are responsible for conventional tasks involved in corporate security at Zeiss. The main focus is on design and strategic work but added to this are operational topics such as travel security and crisis management.

Where are the major dangers to company security at your site according to your risk assessment and how do you keep adjusting your security concept to the current risks and threats?

Heiko Winkler: As already mentioned, our main focus of work is obviously in the area of data and IT security. Our top priority is securing technological advances and knowledge in the company. For example, we observe how changes in habits of use of IT systems and applications impact on data processing. We are interested in what visionary innovations such as smart glasses, the Internet of Things (IoT) or the mobility of data has to offer. Therefore we also try to discover and assess trends outside the conventional security events and develop strategies on how we deal with this in the company.

How do you prevent and combat operational disruptions, criminal actions (thefts, sabotage, espionage) within the factory premises by visitors or employees?

Heiko Winkler: Our systems include physical security measures such as using qualified security officers, structural protection of the external perimeter, electronic access controls in multi-zone models as well as closed circuit television.

The development and production of optical and opto-electronic products requires highquality research establishments and technical facilities which have to be protected against disruptions of any kind. What is the importance of security technology, especially alarm systems, access and video technology, for company security?

Heiko Winkler: In my view, the latest up-todate security technology is the best basis for successful work by those in charge of security. A risk analysis determines the protection measures used. But technology alone is not sufficient. Security is always more about teamwork. Each individual employee contributes to company security by abiding by the rules and paying attention.

Which significance for you has the use of security staff? Do you work with your own and/ or with external staff and what are your experiences with these employees? What qualifications do you require and do you conduct your own training courses?

Heiko Winkler: As the head of security, without reliable security staff I would not sleep well. Zeiss co-operates in this area with regional companies - these are long-term collaborations. The deployed staff usually have a long connection from working at Zeiss. This guarantees us the best local and organisational knowledge while at the same time resulting in high identification with the client, Zeiss. Sound training as well as a comprehensive "on-the-job" induction at the respective site is the precondition for deployment at one of our sites.

The ID pass system can become an important part of operational security. What is your experience in dealing with modern access control systems?

Heiko Winkler: Zeiss has the status of "known shipper". We thereby guarantee that all safety regulations of the Federal Office of Aviation are complied with - and this includes an appropriate access control system. Without electronic access control, operational everyday life is hardly conceivable. Our access control system ranges from the barrier at the car park via the entrance to the factory premises through to the air-lock to the clean room. Particularly important for me is the incorporation of additional functions: from simply showing an ID pass via pre-registration of visitors through to a rapid response system in the event of danger.

How and by which measures can you fulfil your responsibility for data and IT security?

Heiko Winkler: In data security, technology and conduct are interlinked. The employees must be made aware of the value of the data processed by them. In addition they must be informed about existing risks. For this we use internal means of communication such as Intranet - there we recently started operating a security blog, the employee magazine or poster campaigns. An animated video was particularly popular in which we drew attention to possible security risks in dealing with PC and Co. in a modern way - and with a wink of the eye. We had 8,000 clicks on the German version in two days - i.e. it reached the majority of employees in Germany. On the technical side - apart from conventional basic preventive measures such as anti-virus programs - we focus particularly on early recognition measures. We are currently installing a Security Incident & Event Management (Siem) system.

To keep the business running even in a crisis, precautions, emergency and contingency plans are required. How should one envisage your crisis management?

Heiko Winkler: The crisis committee at Zeiss which I lead, consists of a small core team from the areas of corporate security, law and communications. Depending upon the scenario, it is supplemented by further specialists from the company. It is particularly important that the crisis committee is up and running quickly in the event of an emergency and the team can work flexibly and efficiently

Is there regular communication and/or cooperation with security or emergency management authorities?

Heiko Winkler: Naturally we co-operate closely and regularly with authorities at home and abroad, if security issues are concerned. Also the exchange with other companies and the networks of security officers is very valuable.

How important to you are the inner bond of employees with the company and a good working atmosphere? What do you do to promote employee satisfaction?

Heiko Winkler: A contented employee is willing to contribute by their conduct to the well-being of the company. We focus strongly on the personal responsibility of our employees if, for example, we allow private use of the Internet on the company PC or smartphone. From the perspective of corporate security at Zeiss it depends on us being perceived as modern partners and competent advisers of the Zeiss sectors and all employees - put simply, as a "Businesses Enabler" and not as a hindrance.

Thank you for your frank interview and we wish you continued success with your important work.

 

Contact

Carl Zeiss Meditec AG

Göschwitzer Str. 51 52
07745 Jena
Germany

+49 3641 220 0
49 3641 220 117