Information Security 2025

Skip to Content

Newsletter

Our newsletter keeps you informed about the activities and programs of DB mindbox, our startups, and current events.

By clicking Subscribe, you agree to the processing of the personal data you provide. You can revoke your consent at any time. You can find out more about data processing and your rights in the Data Privacy Policy

Contact

Do you have any further questions, requests or suggestions? You can contact us here. 

Arbeiten im Homeoffice
End of the slider

We’re excited to again launch the first DB mindbox program with the focus on information security in 2025!

Over the course of 100 days, the selected startup will have the opportunity to tailor their solutions to the real-world challenge of the information security processes of a big corporate and test them live within the Deutsche Bahn environment.

What’s in it for you?

  • Exclusive access to DB experts, data, and real-world challenges
  • EUR 25,000 in funding – no equity taken
  • 1:1 coaching and mentoring from a handpicked network
  • Coworking space at our vibrant office at DB Mitte

You will be supported by a dedicated DB mindbox startup manager, who is your bridge to the world of Deutsche Bahn (DB). Plus, the option to work at our coworking space in the center of Berlin with 24/7 access.

This is a great opportunity to lay the foundation for joint projects and successful long-term collaboration with Deutsche Bahn Group, Europe’s largest mobility and infrastructure provider with more than 300.000 employees.

You have questions about the program?

Join our weekly open Q&A session every Monday from 10-10:30 am (CEST). We’ll be happy to chat with you and answer anything you’d like to know. Click here to dial in!

You can also find a list of the Q&As below:

What standards are the security questionnaires based on?They are based on ISO/IEC 27001 and ISO/IEC 27002 and adapted to DB requirements.

Do you expect the solution to be customizable?Yes. The solution should allow flexible tailoring of controls, questions, and mappings to reflect DB-specific needs.

What output format is required for the PoC?CSV export is sufficient for the PoC; no interface/API needs to be implemented at this stage.

Is an interface/API required for long-term use?Yes. For production use, the solution must provide interface capability (e.g., to integrate with existing DB systems).

Are there any deployment requirements?The solution must support local (on-premises) deployment.

01 – Information Security

We’re looking for an innovative and adaptable solution to ensure the compliance to information security standards of our IT Systems.

Deutsche Bahn is required to achieve and maintain a very high information security level for its IT components. This involves answering an extensive set of tool-based information security-related questions, covering a very large number of controls. Currently, this process is performed manually by the application managers.

The aim is to support and automate this process by using AI and rule-based systems to pre-fill the questionnaire based on readily available sources (e.g., contracts, annexes, provider websites), with manual adjustments required only in cases of discrepancies or missing information.

Information security requirements are evolving. We are therefore looking for a solution that supports dynamic updates of the questionnaire covering the change of the underlying controls.

In addition, the solution must support the provision of different IT security questionnaires tailored to specific areas of the company, allowing the appropriate one to be selected when evaluating the IT component.

Automization of Information Security Process

With a variety of existing and emerging IT applications, the processes for ensuring compliance with information security standards must be as efficient and intelligent as possible. We are seeking solutions to automate these processes by analyzing existing documents (e.g., contracts, corporate guidelines) and deriving suggested responses to the information security questionnaire. In the event of changes to information security criteria, the solution should not only support new information security evaluations, but also ensure that all previously completed evaluations remain compliant with the updated requirements.

Timeline

24.08.2025 – Application deadline

Last day to apply for the program.

05.09.2025 – Announcement of candidates

Invitation of selected teams

23.09.2025 – Selection day

Pitch your idea on stage to a jury and audience

13.10.2025 – Start of program

Start of the 100 day Proof-of-Concept to develop and test a prototype in cooperation with DB

End of January 2026 – End of program

End of 100 day Proof-of-Concept and presentation of results