CAF Group has launched a corporate initiative with the implementation of new policies associated with Security and Cybersecurity management; that once again, reinforce the commitment to promote and continuously improve data security.
When we talk about cybersecurity, there is no middle ground. And so, the digital platform of CAF, LeadMind, wanted to prove it with a great bet. The platform, allows to monitor and manage the real health state of railway assets. Since its creation, has been a real commitment to ensure compliance with the established levels of confidentiality, availability and integrity for its information assets.
In recent years, the commitment to provide sacure cyber environments has been relentless, conscious that the path to excellence is a constant adaptation. Commitment and responsibility for cybersecurity has been shared from management to the entire team of the CAF Digital Services unit. Creating both internally and externally the “security culture” and for this, one of the keys has been to treat cybersecurity as a process of continuous improvement.
“30% of the LeadMind team’s annual training has been linked to cybersecurity. In the areas of analysis, software development and IT, this percentage is about 80%”
Technical, legal and management controls have been implemented to ensure the availability, confidentiality and integrity of the platform that serves rail operators and maintainers. This complies with current data protection legislation (GDPR) at all times. The CAF Digital Services Unit is certified by the ISO 27001 of Information Security Management System.
Aware that the requirements can be diverse depending on the policies of each company, LeadMind adapts to the most demanding cybersecurity specific requirements of each client. In case of not havinf specific requirements, offering a level of coverage according to cybersecurity management standards for this type of product. And that, translates into the trust of LeadMind users.
Among the measures established in cybersecurity, LeadMind platform offers access control based on the role or user profile, filtering the information accessible to each type of user.
Training is one of the fundamental pillars and LeadMind team has prepared a plan of awareness and training applied to cybersecurity. Reviewing and maintaining best practices and applying security standards on key infrastructure and production environment. Continuously obtaining the official certifications of the AWS platform from the analytics, development and IT team.