Holistic approach to information security Mainzer Stadtwerke Gruppe

Holistic approach to information security Mainzer Stadtwerke Gruppe

Cyber Security: Whitepaper on the success story of Stadtwerke Mainz. Finger pressing the 'SUCCESS' key on the keyboard (writing in English).

Success Story

Mainzer Stadtwerke is the service provider for the electricity, water, and gas supply of the city of Mainz. The transport company department is also responsible for the city’s public transport. These basic services are an important part of a city or municipality. Mainzer Stadtwerke has been using the services of TreeSolution for several years and has been training its employees with various e-learning courses.


People trained





City of Mainz in Germany


Ongoing since 2017


Awareness strategy, surveys with the Security Awareness Radar®, e-learning, individually developed training courses.

Security awareness strategy

At the beginning of the collaboration. The strategy serves as a starting point for the design, development, and implementation of effective and targeted awareness programs through to the evaluation of the programs.

Security awareness survey

At the beginning of the collaboration.

Awareness training topics

Use of the entire TreeSolution topic portfolio. Creation of specific courses in the area of project procurement, performance accountability and various compliance topics.

Step by step towards a security culture

To start, a specific awareness strategy was created as the basis for collaboration. This strategy is the ongoing reference for information security actions and ensures an efficient and goal-oriented approach. The strategy also makes a fundamental contribution to fostering a security culture.

At the beginning of the collaboration, the Security Awareness Radar® was used to measure the current status of the information security culture in the entire Mainzer Stadtwerke group. The result was targeted employee training. Existing e-learnings in all the subject areas meant that training was already available for the priority topics. Additional e-learning courses were developed especially for the requirements of Mainzer Stadtwerke and for optimal integration of the company's specific user guidelines into the training material.

Implementation goals

Since the Mainzer Stadtwerke group is part of the critical infrastructure, it has a legal obligation to meet requirements in the areas of corporate governance, data protection and IT security law, and aspects of criminal law. Furthermore, the normative requirements DIN ISO/IEC 27001 and DIN ISO/IEC 27002 must be included in the planning and implementation.

The awareness strategy that was created contains detailed instructions, which can be used as a starting point for the design, development, and implementation of effective and targeted awareness programs through to the evaluation of the programs. It refers to the legal and regulatory requirements and provides a basis for fulfilling them.

To build a security culture that is part of everyday work life, all employees should take responsibility for security in their working environment and act appropriately when handling data and information.

Collaboration content

Areas of collaboration between Mainzer Stadtwerke and TreeSolution included the following:

  • Analysis of the company's initial situation and inventory for the further development of strategic measures.
  • Creation of an awareness strategy to strengthen security awareness in culture and behavior.
  • Implementation of an accurate and detailed measurement with the Security Awareness Radar®.
  • Evaluation of the results of the measurement after considering the awareness, behavior, and culture of the company.
  • Introduction of the first e-learning courses for the targeted increase of employee awareness.
  • Additional development of individual e-learnings for direct training of the user guidelines in the company.
  • Each year, targeted training courses can be carried out in security-relevant areas.

Results and benefits for Mainzer Stadtwerke

A holistic approach was taken in the support for the creation of the information security management system (ISMS) and the security program. Output included a comprehensive document on which the training courses could be based. The document serves as the basis for the security culture and to promote the “human firewall.”

The results of the Security Awareness Radar® provided a detailed picture of information security and security awareness among employees. It became apparent which topics and target groups had to be given priority training in order to increase security awareness in the company and to anchor information security in the corporate culture. This knowledge was incorporated into the information security strategy and training material.

The provision of the training material by TreeSolution allowed demands on the scarce time resources of Mainzer Stadtwerke to be kept to a minimum.

Alternative solutions had to be found for the training of employees who did not have access to a PC. This challenge was also mastered, resulting in optimal training of these employees and their inclusion in the measurement survey.

The extensive training material consisting of more than 15 topics enabled in-depth training of the employees. Through additional, individually created modules specific to Mainzer Stadtwerke, topics could be presented to the employees in an even more targeted manner, thus further reducing the risks.

The training and measures were well received by the employees and could be implemented and applied in everyday work. As an employee put it in the measurement survey:

“I consider regular training/instructions on security, like those for occupational safety and fire protection instructions, as necessary to stay up-to-date and to provide all those involved with comprehensive information.”
Mainzer Stadtwerke Employee

Employees must complete refresher courses every year, with new topics being added regularly. New employees are also given extensive training at the start of their employment.

The training actions based on the overall program can also be used as proof for ISO certification and annual re- certification.

All measures planned and implemented to date promote a security-conscious corporate culture and thus contribute to the “human firewall.” Through holistic and continuous training over a longer period of time, knowledge about information security is constantly expanded and strengthened in the security culture.

The next steps

The training material is regularly updated to ensure it is up-to-date and expanded with new additional training courses.

In the future, the suppliers are also to be involved in training courses and another survey carried out using the Security Awareness Radar®.


Security Awareness für Ihr Unternehmen

Sind Sie bereit, die Security Awareness in Ihrem Unternehmen aufs nächste Level zu bringen?

Der erste Schritt ist ganz leicht:
Vereinbaren Sie gleich ein kostenloses Beratungsgespräch.

IT Sicherheit: Schwarz-Weiß-Portrait von Thomas Schlienger, Inhaber von TreeSolution.

Dr. Thomas Schlienger
CEO und Inhaber

Kostenloses Beratungsgespräch

Wenn Sie Unterstützung benötigen, schreiben Sie unter „Mitteilung“ eine kurze Beschreibung des Problems.

Vielen Dank! Wir beantworten Ihre Anfrage rasch möglichst.
Hoppla! Beim Absenden des Formulars ist etwas schief gelaufen.

Bitte kontaktieren Sie uns direkt unter info@treesolution.com.


Security Awareness for your company

Are you ready to take security awareness to the next level in your business?

The first step is easy:
Arrange a free consultation now.

IT Security: Black and white portrait of Thomas Schlienger, owner of TreeSolution.

Dr. Thomas Schlienger
CEO and founder

Free consultation

If you need support write a short description of the problem in the “Message”.

Thank you very much! We will answer your request as soon as possible.
Oops! Something went wrong when submitting the form.

Please contact us directly at info@treesolution.com.