The automotive industry produces a great deal of data across the design, testing and production lifecycles. This includes security data generated during all phases of the lifecycle.
To help streamline security evaluations of manufacturers, service providers and suppliers to the automotive sector, the Association of the Automotive Industry in Germany (VDA) set up TISAX. These security requirement classifications, based on international information security management system (ISMS) standards like ISO/IEC 27001, are now used by European automotive companies. Since 2017 it has become mandatory for automotive suppliers to comply.
TISAX establishes a common assessment and exchange mechanism for evaluating suppliers' security capabilities.
Organisations that process sensitive information on behalf of automotive customers, such as while providing parts, components or services, must implement and maintain an Information Security Management System (ISMS). Your organisation will then need to pass the corresponding level of TISAX audit to continue to contract with the (German) automotive market.
BH Consulting have specialist expertise and experience in providing TISAX alignment services. We work with organisations to build out an Information Security Management System (ISMS) and help put in place the security controls to meet TISAX requirements.
TISAX closely aligns with ISO/IEC 27001 but adds some automotive-industry-specific controls, particularly focused on the supply chain.
TISAX controls are outlined in the VDA ISA (Information Security Assessment) catalogue and focus on the following 3 modules:
- This is a basic module for every assessment carried out and is based on the ISO 27001 Information Security Standard.
- This module is relevant where the supplier processes the personal data of customers (Art. 28 of GDPR).
- This module is relevant to vehicles, components and parts which are classified as requiring protection. The emphasis of the requirements is on implementation of physical measures.
- TISAX compliance provides competitive advantage in the Automotive sector and helps with the renewal of existing supplier contracts
- Addresses automotive-specific requirements and establishes a common level of information security in the industry
- Helps to improve business processes and keep confidential data secure