GEA expands cybersecurity certifications (ISO/IEC 27001, ISA/IEC 62443)
- Bild-Infos
- Download
Ein Dokument
GEA has expanded the scope of its information security and cybersecurity certifications: ISO/IEC 27001:2022 now covers 98 sites worldwide (45 newly added), complemented by ISA/IEC 62443 for secure product development and industrial environments. Why it matters: NIS2 and the Cyber Resilience Act are raising expectations for auditable governance and Secure-by-Design. The release explains what verified cybersecurity evidence means in connected industrial projects - for operators, manufacturers, and partners across the supply chain.
GEA expands its cybersecurity certifications by TÜV Rheinland and strengthens security across connected industrial processes
- 98 GEA sites (covering more than 75% of employees) worldwide certified to ISO/IEC 27001:2022 – 45 newly added.
- Additional ISA/IEC 62443 certifications confirm secure product development and secure production of GEA equipment and systems.
- Independently audited by TÜV Rheinland, the certification body confirms: “The requirements of ISO/IEC 27001:2022 and ISA/IEC 62443 are comprehensively met – holistic management of information and cyber risks forms the foundation for trust and partnerships in connected industrial projects.”
- Customers relevance: EU legislation such as NIS2 and the Cyber Resilience Act are raising demand for verifiable information security, cybersecurity and secure development processes.
Düsseldorf, February 26, 2026 – GEA has further expanded its information security and cybersecurity capabilities across the Group in recent months. Independent certifications confirm this progress, and GEA has again expanded their scope. The Group's Information Security Management System (ISMS) is certified by TÜV Rheinland to the internationally recognized standard ISO/IEC 27001:2022 and now covers 98 sites worldwide – 45 of which were newly added in the past twelve months. At selected sites, additional certifications according to ISA/IEC 62443 apply – the international standards for cybersecurity in industrial production environments and secure product development. The certificates were handed over by Ralph Freude, Head of Businessline ICT and Lead Auditor at TÜV Rheinland, to Alexander Kocherscheidt, CFO, and Iskro Mollov, CISO of GEA, on 18 February 2026.
“Cyber threats often hit industrial companies where the consequences are most severe: availability, delivery capability and trust. GEA operates and develops equipment for some of the most sensitive production processes in the world – from food and pharmaceuticals to chemical processes. The more connected these plants become, the greater the value of the data they generate – and the greater the impact of a failure or security breach. Information Security begins with established governance. Our certifications reflect that we manage security systematically – according to verifiable, externally audited standards,” says Iskro Mollov, CISO and Senior Vice President Information Security, Business Continuity and Crisis Management at GEA.
Group-wide Information Security: ISO/IEC 27001:2022 scaled worldwide
Expanding certification to 98 sites demonstrates that GEA plans, implements, continuously improves and audits Information Security worldwide according to consistent, risk-based standards. ISO/IEC 27001:2022 is the internationally recognized benchmark for auditable Information Security Management Systems. For customers, partners and investors, this means GEA manages sensitive information – from design and process data to quality and service data – according to uniform, externally verified standards across the Group.
Secure products and secure production: ISA/IEC 62443
In industrial environments – characterized by long system life cycles, high availability requirements, and the close integration of Information Technology (IT) and Operational Technology (OT) – GEA goes a step further. At selected sites, GEA also holds certifications to ISA/IEC 62443, the internationally recognized standards developed specifically for these requirements:
- Düsseldorf, Oelde and Alcobendas hold umbrella certification to ISA/IEC 62443-4-1. This standard confirms that cybersecurity is systematically embedded in the product development process – from design and development through to maintenance and further evolution. Security is built in from day one (“Secure-by-Design”).
- Oelde and Niederahr are certified according to ISA/IEC 62443-2-1. The certification attests to structured security management for industrial production environments.
What this means for customers and partners
GEA equipment sits at the heart of customers’ critical production processes – running around the clock, in regulated environments, connected to wider systems. When that equipment is developed, integrated and operated securely, it helps protect customers directly from unplanned downtime, data loss and the associated liability and reputational risks. The ISA/IEC 62443 certifications demonstrate that cybersecurity has been designed into GEA products and processes from the outset.
Connected industrial projects also involve the circulation of sensitive data – design and process know-how, production, quality and service histories – with real economic value and legal implications. The ISO/IEC 27001 certification shows that GEA manages this across the Group according to consistent, risk-based standards. Cybersecurity thus becomes a prerequisite for partnerships, tenders and long-term cooperation.
Context: growing cyber pressure and European requirements
Many GEA customers operate critical infrastructure or work in highly regulated environments. As a result, they face rising NIS2 requirements for governance, risk management, technical and organizational measures, and supply chain security. The Cyber Resilience Act adds further obligations for manufacturers of products with digital elements, requiring verifiable security across the entire product lifecycle.
GEA supports customers in addressing these requirements and provides auditable evidence for its own security practices: as an operator through ISO/IEC 27001 and as a manufacturer through ISA/IEC 62443. Customers deploying GEA products and expertise in their production environments can build directly on GEA's certifications for their own compliance requirements. This helps shorten audits, strengthens partnerships and protects shared values.
NOTES TO THE EDITOR
- More information about GEA
- To the GEA Media Center
- Follow GEA on LinkedIn, Youtube
Contact Media Relations GEA Group Aktiengesellschaft Matthias Schnettler Ulmenstr. 99, 40476 Düsseldorf, Germany Phone +49 211 9136-1500 matthias.schnettler@gea.com
About GEA
GEA is one of the world’s largest suppliers of systems and components to the food, beverage and pharmaceutical industries. The international technology group, founded in 1881, focuses on machinery and plants, as well as advanced process technology, components and comprehensive services. For instance, every second pharma separator for essential healthcare products such as vaccines or novel biopharmaceuticals is produced by GEA. In food, every fourth package of pasta or every third chicken nugget are processed with GEA technology. With more than 18,000 employees, the group generated revenues of about EUR 5.5 billion in more than 150 countries in the 2024 fiscal year. GEA plants, processes, components and services enhance the efficiency and sustainability of customers’ production. They contribute significantly to the reduction of CO2 emissions, plastic usage and food waste. In doing so, GEA makes a key contribution toward a sustainable future, in line with the company’s purpose: ”Engineering for a better world.”
GEA is listed on the DAX, the STOXX® Europe 600 Index and is also a constituent of the leading sustainability indices DAX 50 ESG, MSCI Global Sustainability and Dow Jones Best-in-Class World.
More information can be found online at gea.com.
About the GEA Foundation
The GEA Foundation, established in 2025 by GEA Group, supports global and local projects in STEM education, child poverty reduction, infrastructure access and disaster relief. Through its Mission 30 strategy, GEA commits to donating one percent of annual net profit to build resilient communities.
More information can be found online at gea.com/foundation.