TISAX® LABELLING SUPPORT
The ISO 27001 international standard and the TISAX® mechanism define corporate information security management systems requirements.
ISO 27001 is an information management system that establishes general requirements for all companies.
TISAX® defines requirements specifically for suppliers in the automotive industry.
TISAX® is based on ISO 27001 and follows its main principles, but both standards are fully independent of one another and there are some differences.
TISAX® defines specifically what 'secure' means when applied to information in the automotive industry, whereas ISO 27001 is open to a certain degree of interpretation.
In addition, the assessment methodology is different as ISO 27001 requires an annual audit, whereas TISAX® requires one assessment, which is valid for three years.
In terms of conformance confirmation, ISO 27001 awards a certificate, whilst TISAX® awards a label.
Certification to ISO 27001 is achieved by meeting the requirements of the standard, whilst achieving a TISAX® label is based on meeting the requirements of the assessment objective in the VDA assessment catalog.
SETTING THE SCENE.
THINK ABOUT YOUR CLIENT. THEY HAVE CONFIDENTIAL INFORMATION. THEY WANT TO SHARE IT WITH THEIR SUPPLIER — YOU.
This information is an important part of their value creation.
They want to protect it appropriately. And they want to be sure that you are handling their information with the same due care.
But how can they be sure that their information is in good hands?
They can’t just “believe” you. Your client needs to see some proof.
Instead of creating an evidence-based solution each time, a standard method removes the burden of proof.
And whilst defining the standard is a huge effort to start, it brings continuous benefits.
This is what the Trusted Information Security Assessment Exchange brings.
TISAX® is globally recognized and is required to do business with all major German automotive players. All automotive suppliers and service providers who process sensitive information should use TISAX® to meet consumer and regulatory information security requirements.
ENCONA HAS YOU COVERED.
The TISAX® process usually starts with one of your partners requesting that you prove a defined level of information security management according to the requirements of the “Information Security Assessment” (ISA). To comply with the request, you need to complete the 3-step TISAX® process.
Our global network of expert information management professionals can guide you through the TISAX® process with training, pre-audits, and support.
Depending on your Assessment Level (based on the information types you hold), ENCONA’s Subject Matter Expert (SME) will investigate each item from the ENX questionnaire and assess the gaps, in preparation for the Self-Assessment or TISAX® audit:
The first step will be an inspection of the facility to assess the physical security of the facility (the gates, the fences, the access doors, the employee access management system, the visitor management system, the security procedures at the gates, windows, emergency procedures, fire protection procedures, and tools, the potential breaches that can be exploited by a potentially bad intentioned person, etc.
The SME will have meetings with the heads of the departments to discuss their impact on the TISAX® requirements, where they are now, and where they should be. During all these discussions open points will result that will be inserted in a List of Open Points. The ISR (Information Security Responsible) person from the company will take part in all these meetings.
If you require assistance with the Self-Assessment, based on the questionnaire provided by ENX, our SMEs are available to assist.
We will conduct a Closing “All Hands On Deck” Meeting, including your entire management team. All the open points will be discussed, and actions, deadlines, and responsible people will be defined.
Our audits are neutral, so they do not cause a conflict of interest or create a risk of internal or supplier technology leaks.
We are a leading provider of powerful professional training and development courses in the automotive industry.
public | in-house | in-person | online | instructor-led | self-paced
TYPICAL SUPPORT FLOW
A modular approach.