A CIO Department-Driven, Resource-Optimized Rollout Approach of Tools, Processes, and Governance to Establish Production-Focused Cyber Security

The Challenge

Eraneos was approached by a global automotive OEM in North America after the company’s internal assessment yielded alarming results on cyber security maturity across the North American Free Trade Agreement (NAFTA) region. This triggered the company’s need for its IT department to develop a centrally delivered cyber security program. It was hoped this would help bump up security posture across the OEM’s manufacturing sites. 
 
Since it’s still the sole profit center of most manufacturing companies, production is highly standardized and efficient but requires a tailored approach for any non-production-related efforts (such as cyber security enhancements). The underlying challenge of this project, therefore, was creating a diverse environment of all plants carrying individual characteristics in their manufacturing process and having very little local coverage for IT security demanding a well-structured and centralized rollout.

The approach

We rolled out a governance structure to deliver the SITS Program put in place at NAFTA and aligned between the CIO organization and the Senior Vice President of Operations (COO). We also ensured the NAFTA CIO IT security team was continuously leveraging tools and processes provisioned by the headquarter in Germany but tailored for regional-specific needs. Quality assurance, best practices sharing, and lessons learned were managed through a shared database with all manufacturing sites. 

The result

Starting with a regional alignment and program set-up for a complex global initiative, Eraneos helped the international OEM in developing and enhancing a global cyber security effort to secure the core cash flow of the company in its manufacturing and operations arm. 
 
Overall, this project demonstrated Eraneos’s ability to deliver complex programs globally by deploying and assigning resources to respective work packages ranging from strategic and tactical concepts to in-depth SME know-how.