IMPLEMENTATION OF MANAGEMENT STANDARDS


Trusted Information Security Assessment Exchange (TISAX)


What is TISAX?
TISAX (Trusted Information Security Assessment Exchange) is a mechanism for evaluating and exchanging information about the level of information security of enterprises in the automotive supply chain. It allows assessment results to be recognized and shared among the registered participants. TISAX implementation ensures effective information security for companies in the automotive industry, which allows them to securely process sensitive information of customers and partners. The scheme also allows them to assess the information security of their suppliers, as TISAX requires that manufacturers and suppliers maintain the same level of security and protection of information and undergo a third-party audit.
The mechanism was developed by the German Association of the Automotive Industry (VDA) and is administered by the ENX association. It is based on the requirements of ISO/IEC 27001 and ISO/IEC 27002, to which the VDA has added a set of additional requirements for the assessment of information security in order to adapt it to the automotive industry.
Who can benefit?
TISAX can be used by automotive manufacturers to achieve their own information security objectives and also to audit partners and suppliers that process sensitive data.
If companies are required or need to prove that they maintain a certain level of information security in compliance with the "VDA Information Security Assessment" (VDA ISA), they can implement TISAX to achieve it. They can also require their suppliers to implement TISAX in order to maintain the same level of information security.

What are the main requirements of TISAX?
1. An information security management system, defined scope, a statement of applicability (SoA), and a process of risk assessment and risk treatment for the security of information;
2. Defined roles and responsibilities connected to information security management (including responsibilities and commitments of suppliers of products/services);
3. Security of information with regard to:
  • Completion of projects;
  • Risk assessment;
  • Classification of information;
  • Information exchange;
  • Mobile devices and removable media management;
  • Teleworking;
  • Training of employees;
  • Assets management;
  • Access and authentication management;
  • Privileged access management;
  • Use of cryptographic mechanisms;
  • Physical security of assets and information;
  • Antivirus protection;
  • Monitoring;
  • Etc.
4. Requirements connected to the interaction with suppliers;
5. Running regular drills and tests for vulnerabilities;
6. Requirements related to the security of processing of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
7. Requirements concerning the producers of prototypes or organizations storing, supplying or maintaining vehicles or vehicle components requiring special protection.

By implementing the broadly accepted TISAX standard, companies in the automotive supply chain are able to implement successful risk management strategies to ensure protection of information assets and achieve credibility and trust among other players in the industry.
 


CONSEJO EOOD is a consulting company formed by a team of consultants with over 15 years of experience in management systems in the field of international standards. The company focuses on consulting services for the development and implementation of management systems that meet the requirements of international standards for quality, the environment, safe working conditions, information security and good production practices: ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, IFS Food, HACCP and others.

The CONSEJO team has participated in projects in all branches of the economy. The team has implemented over 1000 projects in the fields of production and design, construction, trade, information and communication technologies, transport and forwarding, hotel and restaurant industry, special production, energy, design, food industry, services, etc. The company has established a strict procedure for monitoring compliance with the requirements agreed with clients, covering both the terms of the contracts and the quality of service performance. The company's established working style consists of developing real management systems together with its customers, on the basis of multiple trainings and full assistance in the implementation process. Through its approach to work, CONSEJO ensures and guarantees trouble-free certification of the built systems in extremely short terms.
