GEA has expanded the scope of its information security and cybersecurity certifications: ISO/IEC 27001:2022 now covers 98 sites worldwide (45 newly added), complemented by ISA/IEC 62443 for secure product development and industrial environments.

The Group’s Information Security Management System (ISMS) is certified by TÜV Rheinland to the internationally recognized standard ISO/IEC 27001:2022 and now covers 98 sites worldwide – 45 of which were newly added in the past 12 months. At selected sites, additional certifications according to ISA/IEC 62443 apply – the international standards for cybersecurity in industrial production environments and secure product development. The certificates were handed over by Ralph Freude, Head of Businessline ICT and Lead Auditor at TÜV Rheinland, to Alexander Kocherscheidt, CFO, and Iskro Mollov, CISO of GEA, on 18 February 2026.

Ralph Freude (l.), Head of Businessline ICT and Lead Auditor at TÜV Rheinland, handed over GEA’s cybersecurity certificates to Alexander Kocherscheidt, CFO GEA, and Iskro Mollov (r.), CISO and Senior Vice President Information Security, Business Continuity and Crisis Management at GEA, on 18 February 2026. The ISO/IEC 27001:2022 and ISA/IEC 62443 certifications confirm that GEA manages information and cybersecurity systematically across the Group. (Source: GEA/Mike Henning)

“Cyber threats often hit industrial companies where the consequences are most severe: availability, delivery capability and trust. GEA operates and develops equipment for some of the most sensitive production processes in the world – from food and pharmaceuticals to chemical processes. The more connected these plants become, the greater the value of the data they generate – and the greater the impact of a failure or security breach. Information Security begins with established governance. Our certifications reflect that we manage security systematically – according to verifiable, externally audited standards,” said Iskro Mollov, CISO and Senior Vice President Information Security, Business Continuity and Crisis Management at GEA.

Expanding certification to 98 sites demonstrates that GEA plans, implements, continuously improves and audits Information Security worldwide according to consistent, risk-based standards. ISO/IEC 27001:2022 is the internationally recognized benchmark for auditable Information Security Management Systems. For customers, partners and investors, this means GEA manages sensitive information – from design and process data to quality and service data – according to uniform, externally verified standards across the Group.

GEA goes a step further. At selected sites, GEA also holds certifications to ISA/IEC 62443, the internationally recognised standards developed specifically for these requirements:

  • Düsseldorf, Oelde and Alcobendas hold umbrella certification to ISA/IEC 62443-4-1. This standard confirms that cybersecurity is systematically embedded in the product development process – from design and development through to maintenance and further evolution. Security is built in from day one (“Secure-by-Design”).
  • Oelde and Niederahr are certified according to ISA/IEC 62443-2-1. The certification attests to structured security management for industrial production environments.