INFORMATION SECURITY IN THE AUTOMOTIVE INDUSTRY
Are you a supplier or service provider for the automotive industry? If so, you need only one thing to assure customers that you are keeping their information secure – participation in the TISAX Exchange. All it takes is one assessment every 3 years.
You undergo a VDA ISA assessment administered by an accredited audit provider. As a registered TISAX participant, all other participants in the network will accept your assessment result.
You receive access to TISAX by registering online on the TISAX portal. Once registered, you can hire an authorized audit provider to perform the assessment, which is based on the VDA ISA questionnaire. Once you have been assessed, the results are uploaded to the TISAX DB. However, not every TISAX participant can access your results. You decide who can access which information by expressly granting access on a case-by-case basis. The ENX Association monitors assessment quality and accredits audit providers based on a rigorous process. DQS is an accredited audit provider.
The VDA’s Information Security working group recently developed an information security assessment (ISA) based on essential aspects of ISO/IEC 27001, but with the addition of a maturity level model. Version 4.0 of the VDA ISA was published in early 2018. The VDA has also enabled the establishment of a common assessment and exchange mechanism, known as TISAX (Trusted Information Security Assessment eXchange). TISAX is operated by the ENX Association, an alliance of European carmakers, auto parts suppliers and automotive associations that the VDA has employed with operating TISAX as a neutral authority.