Thomas Brandt
- What he needs: Dedicated infrastructure with contractual SLAs and ISO 27001 / TISAX certification for procurement.
- What he will not do: Build or operate connector infrastructure with his existing team.
- Why he buys: Multiple OEM mandates requiring audit-grade dataspace connectivity.
Head of IT at a tier-1 automotive supplier, 1,200 employees, with a heterogeneous infrastructure landscape and a competent-but-not-cloud-native team of twelve. He needs dedicated infrastructure per participation, contractual SLAs, and ISO 27001 / TISAX Level 2 certification he can present to procurement without qualification.
Role: Head of IT, mid-size tier-1 automotive supplier (1,200 employees)
Background
Thomas has led IT at the same automotive supplier for eleven years, having come up through SAP consulting before moving into enterprise IT management. The firm manufactures transmission components for three major OEMs and has grown steadily through acquisitions, leaving Thomas with a heterogeneous infrastructure landscape: a mix of on-premise ERP, a partially migrated cloud environment, and a handful of SaaS tools adopted department by department without central coordination. His team of twelve covers everything from helpdesk to enterprise architecture. They are competent at what the business has historically required of them (keeping SAP running, managing Active Directory, handling integrations with customer EDI systems), but they are not a cloud-native engineering team and have no experience with Kubernetes, identity infrastructure, or dataspace protocols. Thomas knows this and manages his team’s scope accordingly.
Responsibilities
Thomas is accountable for the firm’s IT infrastructure, enterprise systems, cybersecurity posture, and vendor relationships. He signs off on technology procurement, manages the IT budget, and is the person the CEO calls when a technology failure affects production or a customer relationship. He has recently taken on responsibility for digital supply chain initiatives, which is how Catena-X landed on his desk: the firm’s largest OEM customer has mandated participation, and the project has been escalated to Thomas because it involves infrastructure rather than a business application his operations colleagues can handle themselves.
Challenges
Thomas is being asked to deliver dataspace connectivity with a team that does not have the skills to build or operate it at the infrastructure level. He knows enough to know that standing up an EDC Connector correctly is not a weekend project. He has read enough to understand that identity management, credential infrastructure, and Kubernetes operations are involved, but he does not have engineers who can do this reliably without significant external support. He is also managing multiple participations: the OEM customer mandating Catena-X is not the only one, and a second customer is likely to follow with a similar requirement within the year. The dedicated tier is right for him not because of performance requirements but because running multiple participations on shared infrastructure creates governance questions he cannot easily answer to his security team or his customers. He is also working within a procurement process that requires vendor security certification, contractual SLAs, and documentation his legal team can review: the kind of due diligence that a managed service with proper compliance credentials can satisfy in a way that a self-hosted deployment cannot.
Goals
Thomas wants to connect to Catena-X, and potentially MDS, without hiring engineers his team does not have and cannot retain in a competitive market. He wants a managed service with contractual SLAs he can present to the firm’s management and to the OEM customers making the mandate. He wants complete resource isolation for each participation: his security team will not accept a shared infrastructure answer, and his customers’ compliance teams will ask the question. He wants the commercial and legal terms to be clean enough to pass through his procurement process without months of back-and-forth. And he wants a provider he can call when something goes wrong, confident that the response will come from someone who understands what they are operating.
Technology use
Thomas works at the level of vendor evaluation, procurement, and IT governance rather than hands-on infrastructure management. He reviews security certifications, reads SLA terms carefully, and delegates technical integration assessment to his senior engineer. He makes purchasing decisions through a formal procurement process that involves legal, security, and finance sign-off. He evaluates infrastructure providers by their compliance certifications (ISO 27001 and TISAX matter to him directly), their support model, their reference customer base, and whether their commercial terms hold up under scrutiny. He will not approve a solution that his security team cannot audit or that lacks a credible production track record.
Needs from Kaphera Cloud
Thomas needs full resource isolation: dedicated infrastructure per participation, with no shared tenancy that complicates the answer to his security team’s questions. He needs contractual SLAs with defined uptime commitments and escalation paths, because his OEM customers will ask what happens when the connector goes down. He needs compliance certification coverage (ISO 27001 and TISAX Level 2 at minimum) that he can present without qualification during procurement. He needs the platform to run on EU-sovereign infrastructure, which is both a regulatory expectation and a requirement his legal team will raise. He needs a support model that provides a named contact and a response time commitment, not just a ticketing system. And he needs pricing that is predictable and structured in a way that clears his firm’s procurement process: a fixed monthly cost for a defined service scope, not a consumption model that requires monthly reconciliation.
Quote
“I need this to work reliably, I need to be able to explain to my CEO and my customers exactly what we’ve put in place, and I need to know there’s someone I can call who actually understands it when something goes wrong.”
Related
- participant, the archetype Thomas grounds
- five-months-of-procurement-half-a-day-the-second, Thomas’s customer journey
- participant-playbook, sales playbook for the participant archetype
- kaphera-cloud-managed-server, the managed dedicated-tier offering Thomas adopts
- petra-novak, same archetype, smaller firm on the shared (managed) tier