Which businesses and organisations would benefit from VDA ISA?
TISAX®* is an information security standard for the automotive industry.
Benefits of VDA ISA
Recognised standard
TISAX® is a recognised standard for the automotive industry and is operated by ENX Association (ENX Association acts as the governance organisation, and in addition to accreditation is also responsible for monitoring the quality of the implementation and the assessment results)
Clearly defined requirements
The underlying VDA ISA contains detailed, industry-accepted requirements and serves as a basis for the audit
Proof of information security
By participating, you provide your partners with an official confirmation that your business guarantees the secure processing of confidential information
VDA information security requirements
The term TISAX®* stands for ‘Trusted Information Security Assessment eXchange’. TISAX® describes a mechanism that allows companies to share the results of an information security assessment with legitimate interested parties via a secure online platform. The operator ENX Association acts as the governance organisation, accredits the audit providers and monitors the quality of the implementation and the assessment results.
The assessment is based on the VDA Information Security Assessment. The defined requirements can be roughly divided into the following categories:
Information security
The information security requirements describe the structure and operation of an information security management system and strongly resemble the Control Objectives and Controls in ISO27001:2017 (however, compliance can also be achieved using other ISMS methodologies).
Management of third parties
This module defines specific requirements that apply where spaces are sub-let to a supplier or service provider, and a connection to the third party’s business network is to be established on the premises.
Prototype protection
Prototype protection covers aspects of physical security, organisational requirements and the handling of prototypes.
Future-proofing
In future, VDA ISA compliance will be a mandatory requirement for collaboration within the automotive industry
Services
Gap analysis
- Self-assessment based on VDA ISA to determine starting point
- Definition of tasks and measures required to close identified gaps
Achieve target maturity level
- Support towards ensuring overall maturity compliance and achieving the required Level 3
- Integration of areas of VDA ISA you have already met
Prepare for certification
We help you prepare for TISAX® certification by advising on technical aspects, providing project management and drawing up policies
Audit
Our experienced advisers conduct regular, external assessments of information security required by VDA ISA
Disclaimer
*TISAX® is a registered trademark of ENX Association.
**apsec and the Swiss IT Security Group are not affiliated with ENX Association.
