Information Technology security has become imperative because design, manufacturing, and product support processes are all strongly supported by information technology generally across all industrial fields. Specifically in the automotive industry another demand has evolved: OEMs prescribe the need of continually providing objective evidence of compliance with information security requirements from Suppliers.
With intent to establish a reliable evaluation process of automotive industry companies, the Verband der Automobilindustrie (VDA) has created an assessment and exchange mechanism tool: theTrusted Information Security Assessment Exchange (TISAX).
TISAX allows the recognition of assessment results among the participants. TISAX can be a highly effective method in reducing the company’s evaluation process effort when it is a demand to process sensitive information from Customers or when facing the demand to assess and evaluate the information security practices of Suppliers.
The VDA Information Security Assessment Catalogue – alias VDA ISA Catalogue- is based on the fundamentals of the information security standards, relevant legal and regulatory requirements (e.g. GDPR regulation) and best practices adapted for the automotive industry’s specific attributes.
The VDA ISA Catalogue of TISAX requirements provides common standards for information security and data protection measures fully conform to the GDPR regulation and also prototype protection requirements. VDA entrusted the ENX Association with the implementation and general management of TISAX. Thus, the ENX Association accredits auditors, maintains the VDA ISA criteria and assessment requirements, and monitors the implementation and assessment results.
In our TISAX consultation service we provide you with professional management support in:
- the assessment of all your processes against the VDA ISA requirements,
- support the company’s risk assessment,
- creating process models and a documentation system that comply with VDA ISA and customer’s requirements both,
- performing internal audits.