Our company has a 500-year history of transporting messages securely and confidentially. Today, in the digital age, we extend this security into the virtual world. At Deutsche Post DHL Group, we are committed to maintaining the highest levels of compliance and keeping our customers’, employees’, and business data secure. Our goal, as outlined in our Sustainability Roadmap, is to remain a highly trusted company.
- ISO 2700x
Deutsche Post DHL Group runs a full-featured ISO 2700x-based information security management system with certified main data centers and a full complement of objectives, processes, and guidelines to support our Information Security Policy.
- On Guard 24/7
Our industry-leading Cyber Defense Center operates 24/7 using a follow-the-sun model to continuously monitor our global networks and provide rapid incident response.
- Proven Security
Our servers, web applications, and end-user equipment are routinely scanned for vulnerabilities, and our internal audit team regularly checks whether procedures are in place and followed. We provide frequent, transparent reporting to top management on the state of security.
- Corporate Standardization
We consistently apply uniform server standards to ensure that all our servers have hardened configurations, are suitably patched, and are well integrated into all maintenance processes. This good housekeeping forms the basis for strong security and confidentiality protection.
- Ubiquitous Awareness
Our employees are our best defense. We conduct mandatory security training for all IT users in the Group. In addition, we run frequent simulations, including regular phishing simulations, to ensure awareness.
Information security code of practice for partners
We operate our business in a connected world, which means we run and maintain thousands of interfaces with our partners. These interfaces are used, for example, to deliver goods and services, access our systems, process our data, or provide us with cloud-based services or platforms. Consequently, a successful cyber attack on an interface could also penetrate Deutsche Post DHL Group’s systems and/or network, affect our operations, or disrupt supply chains.
At Deutsche Post DHL Group, we aim to minimize the risk of cross-infections or service disruptions by ensuring that our partners adhere to our high information security standards. To achieve this goal, we have added an information security annex to our supplier contracts: The Information Security Code of Practice for Partners (ISCOP v3) is based on the Deutsche Post DHL Group Information Security Target Model and ISO 27001.
ISCOP v3 is applicable to all supplier contracts. It specifies that suppliers must follow the ISO 27001 standard or equivalent international security standards. Deutsche Post DHL Group only works with partners who agree to our Information Security Code of Practice.
Vulnerability Disclosure Policy
The security of our online platforms and applications is of great importance to us. We ask that you disclose information security issues in a responsible way and in accordance with this Responsible Disclosure Process. We will then validate and fix vulnerabilities following our vulnerability management program.