With GEA SecurityPartner, GEA has launched new, comprehensive industrial security offerings for existing as well as potential future customers. GEA SecurityPartner is a modular portfolio of complementary industrial security offerings designed to protect production environments in which GEA equipment is deployed.
As production becomes more connected and regulatory expectations continue to rise, resilient and auditable security practices are increasingly important for continuous operations and trusted industrial partnerships. The GEA SecurityPartner offering combines operational technology security expertise with GEA’s existing security capabilities, developed through the operation of own global production networks – and builds directly on the Group’s independently audited security competencies according to ISO/IEC 27001:2022 and ISA/IEC 62443.
“At GEA, we protect our own global operations every day. We know what it takes to secure complex production environments, long equipment lifecycles, legacy systems, and globally connected products,” says Iskro Mollov, Chief Information Security Officer at GEA. “The new offerings are designed to integrate into existing maintenance and service structures or to be delivered as part of new plants and projects by GEA.”
“GEA technology plays a vital role in the production of food, beverages, and medicines around the world,” says Stefan Klebert, CEO of GEA. “Leveraging our expertise in the information security field to the benefit of our customers is a logical next step, strengthening our ability to support customers in an increasingly connected, digital and regulated world.”
Security: A fundamental requirement for resilient operations
As production environments become more connected and threats grow, information and cyber security are continuously evolving into a core requirement for business continuity and trust in industrial partnerships. Over the past years, GEA has gained substantial information security expertise by implementing a holistic security approach throughout the own company. A key component of this has been improving the security of its global production and product development environments. This has been accompanied by certifying an ever-growing number of GEA sites based on international security standards, such as ISO/IEC 27001:2022 and ISA/IEC 62443.
GEA SecurityPartner translates this proven in-house practice into practical, scalable offerings for customers. The portfolio supports regulatory compliance, including EU NIS 2 Directive and EU Cyber Resilience Act, improves operational resilience and continuity of GEA’s customers, enables the secure operation of IT/OT environments, protects connected equipment over its lifecycle, and develops secure industrial architecture.
GEA SecurityPartner follows a structured process: an initial assessment to clarify objectives and regulatory context, an analysis of the existing IT, OT, and product security posture, and development of a tailored action plan. Implementation is carried out step by step, aligned with the customer requirements and maturity level, and integrated into existing operational processes.
The nine GEA SecurityPartner Modules
- Transparency – Establishes a clear security baseline through asset, risk, and regulatory assessments, delivering a comprehensive gap analysis and prioritized remediation roadmap.
- Personnel Enablement – Delivers required knowledge in IT/OT security to reduce human-related risks and support implementation and sustainable operations.
- Security Architecture – Supports the design and implementation of secure industrial architectures with clear segmentation and hardened structures to reduce attack surface.
- Vulnerability Management – Provides continuous visibility of vulnerabilities across production assets, enabling prioritized remediation and compliant risk handling and reporting.
- Defense – Includes SOC monitoring, malware protection, network security, and security incident response across IT and OT environments.
- Offense – A structured security testing to identify vulnerabilities and support improvements in systems, control mechanisms and compliance.
- Remote Access – Enables secure remote connections to the customer’s production environment for suppliers and internal teams via secure authentication mechanisms, restricted access paths, and monitoring.
- Availability & Continuity – Ensures stable operations via business continuity and disaster recovery planning to minimize downtime and meet legal and business expectations.
- Certifications Support – Assists customers in preparing for certifications such as ISO/IEC 27001 or IEC 62443.
