TISAX – Information security assessment standard in the automotive industry

Are you a manufacturer or service provider in the automotive industry and want to ensure that you handle information securely? Do your customers require you to confirm compliance with the TISAX standard?

Do you want to save time and money on multiple, often tedious auditing processes?

If your answers are YES, this article is just for you!

Information security management concepts and best market practices evolved through the collaboration of two worlds: business and technology. For many companies, broadening their knowledge and building their employees' awareness of cyber risks is often a huge challenge.

Technological progress in the automotive industry increases the risk of theft of business secrets, particularly know-how. Hence, risk management in the digital world is a difficult and complex challenge.

TISAX – impact on other departments

Fig. 1. Which areas of your company does the TISAX audit cover?

Companies operating in the automotive industry are expected to fulfill several requirements to ensure information security throughout the supply chain. Global automotive concerns often require their contractors to present objective evidence confirming compliance with the requirements that ensure information security.

TISAX (Trusted Information Security Assessment Exchange), created and owned by the German Association of the Automotive Industry (VDA), is now a leading and mutually recognized mechanism for assessing (auditing) and exchanging information between entities in the automotive industry based on the VDA ISA questionnaire.

The TISAX standard is developed based on ISO 27001

The TISAX standard has been built based on three pillars: Information Security Management System (ISMS) requirements, prototype protection requirements, and data privacy protection. The VDA ISA questionnaire, the main working document during the audit, divides a series of evaluation questions into the above-mentioned sections (pillars).

TISAX standard – The key to company success is to prepare and perform an internal assessment in advance (pre-audit)

Due to the extensive scope of the audit examination and ambiguous assessment questions, the company should plan and carry out preparations for the certification process in advance. Numerous departments of your company will be assessed, including:

  • IT,
  • Human Resources,
  • Physical Security,
  • Legal and Compliance,
  • Purchasing,
  • Data Privacy.

The preparatory work for certification may result in changing or remodeling your company's processes. This requires a proper estimate of time and money. External help from an experienced specialist can be irreplaceable.

A standard that requires effort but will yield benefits in the future

Participation in establishing a common level of information security in the automotive industry is just one of the many advantages of successfully completing an audit and receiving the TISAX® label certification.

It is also an opportunity to build a credible, lasting, and positive image of the company, and a unique chance for your organization to establish new business contracts.

You can download an automatic, editable Excel form for free on Free Quality Tools

Document name: TISAX Implementation Checklist – Excel form
