Information Technology (IT)
Volkswagen is working hard on strengthening its digital competencies with a view to shaping and safeguarding the Company’s future viability. To this end, we are continuously upgrading our IT systems so that they are sustainable in the long term and are progressively moving our systems and applications over to new cloud platforms. Our primary concern is further increasing the efficiency of the IT systems used throughout the Company and standardizing these as far as possible. We are also concentrating on building up our expertise and specialist IT knowledge, especially in key digital technologies such as artificial intelligence and the use of new IT technologies in products, services and business processes.
To safeguard the development of core competencies in our Company in the fields of technology, digitalization and autonomous driving, we are building up IT resources that will help shape and push the Company’s digital transformation.
Due to the global spread of the Covid-19 pandemic, we took extended measures to protect the workforce, such as an increased use of remote working, similar to in the previous year. In this context, safeguarding access to the IT infrastructure in all brands and companies was a major priority again in fiscal year 2021. The use of digital applications to promote more efficient forms of digital collaboration and more effective options for applying these within the Company increased once again compared to the prior year. For example, the Company’s internal network, Group Wiki, promotes knowledge transfer and networking among all employees. The platform puts the user in touch with one another across the brands and the world. The provision of state-of-the-art IT applications for digital collaboration and the expansion of options for conducting business on mobile devices are designed to improve productivity in the long term. Building on the rollout of Microsoft 365, the first steps in implementing the Microsoft Power Platform were taken in 2021. The software environment allows employees without programming skills to automate individual work processes in the Office context, such as the filing of e-mail attachments.
Use of IT solutions and digitalization
The Group IT Steering Committee was formed in 2019 to leverage synergies, to manage the Group’s IT project portfolio and promote communication with departments on IT projects. Planning and managing the IT project portfolio at Group level ensures that resources are employed in a coordinated fashion in the development, implementation and use of IT solutions. Particular emphasis is placed on IT projects aimed at digitalizing business processes across departments.
Volkswagen embraces digitalization in the Company; its in-house software innovation centers (SIC, formerly IT Labs) are just one example of this. They act as centers of innovation and expertise that conduct research, pilot new technologies and develop these in areas relevant for the Company and make these available for productive use in applications for the organization. Here, Group IT, research institutes, educational institutions (such as universities), technology partners and policy-makers work closely together on future trends in information technology. At the same time, the SICs function as liaison offices for start-ups. This allows the experience and strategic expertise of a large company like Volkswagen to be combined with the pragmatism, the ideas for new areas of business and the speed of young start-ups. Highly specialized experts at the SICs in Munich, and increasingly also in Wolfsburg, are working, for example, on exploiting the potential of quantum computers for areas that have a commercial application. The focus here is on the optimization of traffic flows, the data-driven management, pricing and optimization of spare parts in the after-sales business, and smart management of energy use to generate sustainable savings using artificial intelligence methods (for example in the compressed air control systems used at the Wolfsburg plant to reduce CO2 emissions). Initial experimental projects are also investigating opportunities for combining the potential of quantum computers with self-learning systems (quantum machine learning).
In addition, the SICs are used to transfer knowledge throughout the entire Company on topics such as data analytics (process for the systematic analysis of data in electronic form) and decentralized databases, which allow network participants to jointly process and store data (distributed ledger technologies), and to make new technologies usable for the Company. For instance, numerous bot projects are being implemented to automate business processes (robotic process automation).
The further convergence of different business areas with IT is also opening up potential. In production, for example, big data processes help us to analyze faulty machinery and take action at an early stage. Big data refers to data volumes that are too vast and too complex to be analyzed and evaluated using manual or conventional methods. Production processes are also safeguarded by artificial intelligence and camera systems (computer vision). The systems and equipment in the factories are linked together in an integrated overall system, enabling efficiency to be increased and digital pilot projects to be integrated into the existing architecture much more easily than before. In conjunction with the different departments, Group IT is also contributing its expertise to the field of research and development. For instance, digitalized work tools such as the “virtual concept vehicle” make the product development process faster and more efficient. Value creation in sales is being increased with the help of advanced analytics (a process for systematic analysis of future events and behavior), for example in optimizing the use of parking lots and vehicle collection processes.
Software development
We develop cross-brand software for digital ecosystems, for new and existing business processes in the Group in our software development centers. Cutting-edge technologies for the industrial Internet of Things are being developed at the Software Development Center in Dresden. In collaboration with a leading cloud provider, Amazon Web Services, we are refining the digital production platform already in use which aims to enable Volkswagen to reduce its production costs in the future.
IT security
Safeguarding data and information throughout the Volkswagen Group worldwide is one of the main tasks of IT and was continued in fiscal year 2021 with the Group Information Security Program. The objective of the program is to create uniform processes and solutions across the Group to further enhance information security. The main focus is on topics that could one day pose information security risks for the Group and that need to be specially safeguarded as part of the Group’s digital transformation strategy, including cloud security and secure software development. The program’s content and orientation will be reviewed annually and updated if necessary.
We are one of the first vehicle manufacturers to require our suppliers to have passed TISAX (Trusted Information Security Assessment Exchange) certification. This sends out a strong signal about cross-company information and data security. TISAX certification is an assessment method developed by the German Association of the Automotive Industry and is based on the international industry standard and the requirements of the automotive world. The aim is for sensitive data and information to be dealt with securely by our suppliers.
CAR2X technology offers our customers protection by warning them, for example, of traffic hazards. CAR2X technology enables direct wireless communication from vehicle to vehicle and from the vehicle to the transport infrastructure. This TÜV IT-certified technology, implemented in accordance with European standards, represents a technical milestone in our CAR2X program.
The tasks of automotive cybersecurity are to avert cyber attacks on our vehicles throughout the entire product life cycle and in the supply chains and to protect our customers’ personal data in our vehicles. The Group policies in the Volkswagen Group based on the legal requirements of the UNECE regulation have been implemented. Cross-brand organizational guidelines are being specified and implemented on this basis, taking the organizational circumstances into account.
The “Protected Customer” program addresses the requirements of the UNECE regulation. To enable us to protect our customers against cyber attacks, and to implement our solutions in conformity with national and international legislation, we are establishing integrated, cross-brand, cross-regional security management systems for information and cybersecurity. These were confirmed with UNECE CSMS certification in 2021. Safeguarding of the complete life cycle of our vehicles and the digital mobility services was transferred to the responsible line organizations after the program ended in 2021 and continues to be performed there.
Key central information security processes have been audited within the international ISO 27001 framework and were recertified in 2021. This is the most important standard for information security and extends beyond IT to also cover issues such as human resource security, compliance, physical security and legal requirements.
Other key milestones in fiscal year 2021 were the successful completion of the central GDPR (General Data Protection Regulation) project and the associated integration into standard operation. This project gave rise to uniform processes and procedures for GDPR compliance. The introduction of the data protection management system and the data protection management organization has thus established the infrastructure for implementing and complying with data protection requirements at Volkswagen AG. Increasing digitalization and interconnectedness of business processes, new planned legislation with data protection relevance and the sharp rise in the extent of international data protection legislation continue to require a high level of attention if ongoing compliance with data protection requirements is to be ensured. Continuously raising awareness among the workforce and further standardizing and automating processes remain the focus of activities. Going forward, compliance requirements will be already built into the design of IT solutions and infrastructure decisions.