TISAX – information security assessment standard in the automotive industry

Are you a manufacturer or service provider in the automotive industry and want to ensure that you handle information securely?

Do your customers require you to confirm compliance with the TISAX standard? Do you want to save time and money on multiple, often tedious auditing processes?

If your answers are YES, this article is just for you!

Information security management concepts and best market practices were created at the intersection of two worlds: business and technology. For many companies, broadening employees' knowledge and building their awareness of cyber risks is often a huge challenge.

Technological progress in the automotive industry increases the risk of theft of business secrets, in particular the theft of know-how. Hence, risk management in the digital world is a difficult and complex challenge.

TISAX - impact on other departments

Fig. 1. What areas of your company are covered by the TISAX audit?

Companies operating in the automotive industry are expected to meet several requirements to ensure information security throughout the supply chain. Global automotive concerns often require their contractors to present objective evidence confirming compliance with the requirements that ensure information security.

TISAX (Trusted Information Security Assessment Exchange), whose creator and owner is the German Association of the Automotive Industry (VDA), is now a leading and mutually recognized mechanism for assessing (auditing) and exchanging information between entities in the automotive industry based on the VDA ISA questionnaire.

The TISAX standard is based on ISO 27001, which has been popular for many years

The TISAX standard has been built based on three pillars: Information Security Management System (ISMS) requirements, prototype protection requirements and data privacy protection. The VDA ISA questionnaire, which is the main working document during the audit, contains a series of evaluation questions, divided into the above-mentioned sections (pillars).

TISAX standard – the key to company success is to prepare and perform an internal assessment in advance (pre-audit)

Due to the extensive scope of the audit and the ambiguous assessment questions, preparations for the certification process within the company should be planned and carried out in advance. Numerous departments of your company will be assessed, for example IT, HR, Physical Security, Legal and Compliance, Purchasing and Data Privacy.

The preparatory work for certification may result in changes to, or a remodelling of, your company's processes. It also requires a proper estimate of time and money. The external help of an experienced specialist can be irreplaceable.

A standard that requires work which will pay off in the future

Participation in establishing a common level of information security in the automotive industry is just one of the many advantages of successfully completing an audit and receiving the TISAX® label certification.

It is also an opportunity to build a credible, lasting and positive image of the company. It also gives your organization a unique chance to establish new business contracts.

You can download an automatic, editable Excel form for free on the Free Quality Tools

Document name: TISAX Implementation Checklist – Excel form

