VDA information security requirements
The term TISAX® stands for ‘Trusted Information Security Assessment eXchange’. TISAX® describes a mechanism that allows companies to share the results of an information security assessment with legitimate interested parties via a secure online platform. The operator ENX Association acts as the governance organisation, accredits the audit providers and monitors the quality of the implementation and the assessment results.
The assessment is based on the VDA Information Security Assessment. The defined requirements can be roughly divided into the following categories:
The information security requirements describe the structure and operation of an information security management system and strongly resemble the Control Objectives and Controls in ISO 27001:2017 (however, compliance can also be achieved using other ISMS methodologies).
Management of third parties
This module defines specific requirements that apply where spaces are sub-let to a supplier or service provider, and a connection to the third party’s business network is to be established on the premises.
Prototype protection covers aspects of physical security, organisational requirements and the handling of prototypes.
In future, VDA ISA compliance will be a mandatory requirement for collaboration within the automotive industry.
Are you interested in our solution?
- Self-assessment based on VDA ISA to determine starting point
- Definition of tasks and measures required to close identified gaps
- Support towards ensuring overall maturity compliance and achieving the required Level 3
- Integration of areas of VDA ISA you have already met
We help you prepare for TISAX® certification by advising on technical aspects, providing project management and drawing up policies.
Our experienced advisers conduct regular, external assessments of information security required by VDA ISA.