cora is officially certified according to ISO/IEC 27001. TÜV Rheinland thus confirms that cora's information security management system (ISMS) meets the internationally recognized requirements for information security, data protection and systematic risk management. The certification covers both the Swiss headquarters and all German locations and underlines cora's holistic approach to security and compliance.
"As a leading manufacturer and expert in IT vending machines used by public authorities, banks and global companies, security plays a central role for us," says Melanie Müller, CEO of cora. "The ISO/IEC 27001 certification underpins and proves that we don't just talk about taking information security seriously, but that we do so consistently and effectively."
A systematic and verifiable approach to information security is essential, especially in highly sensitive areas of application where the availability, integrity and confidentiality of business-critical information are essential. ISO/IEC 27001 certification is an internationally recognized mark of quality and a clear signal to cora's customers and partners.
"This certification is of key importance to our customers," says Marcel Leonhard, Chief Product Officer at cora. "It shows that we don't think about information security on a selective or project-related basis, but as a consistent quality feature of our services. Our customers entrust us with business-critical systems, sensitive data and complex IT processes. ISO/IEC 27001 certification gives them the assurance that the availability, integrity and confidentiality of this information are systematically protected - today and in the long term."
You can find the official certificate here
The scope of the certification is particularly noteworthy: cora's ISO/IEC 27001 certification did not exclude a single area of the company - not even a single control from the annex. This makes it a 100% certification, which underlines cora's holistic approach.
The quality and maturity of the information security management system (ISMS) was also particularly emphasized during the audit. The responsible TÜV auditor emphasized that this was the best ISO/IEC 27001 audit of his entire professional career. With around 30 audits carried out per year and many years of experience, this feedback is exceptional recognition for the entire cora team.
As the standard is generally applied on a risk-based basis and many companies exclude individual controls, complete coverage of all controls is rare across the industry. A 100% coverage is therefore a particularly strong sign of comprehensively implemented information security and gives cora's certification a special significance.
Another key milestone is the speed of the certification process. Despite the complexity of an international group of companies with multiple locations and legal entities, cora was able to successfully complete the ISO/IEC 27001 certification in record time. Both the Swiss headquarters and all German locations were fully integrated into the scope.
In addition to ISO/IEC 27001 certification, cora pursues an extended and in-depth security approach. BSI IT Grundschutz and the requirements of the NIS2 directive are also integrated into the ISMS used. This is because ISO/IEC 27001 certification alone does not guarantee comprehensive security in all areas of IT security.
In many aspects, BSI IT-Grundschutz and NIS2 go much deeper into technical and organizational security and ideally complement cora's holistic security approach. In addition, cora attaches particular importance to secure software development - with an established secure development lifecycle, binding secure coding practices and continuous security checks.
For customers and partners, this comprehensive approach means an additional level of transparency, reliability and security. At the same time, cora creates the basis internally to continuously develop information security and anchor it at the highest level in the long term.