Due to the rising prevalence of intelligent and connected cars, the automotive industry and its supply chain have become appealing targets for hackers and ransomware attackers. In response, the German Association of the Automotive Industry (VDA) introduced the TISAX mark in 2017. This seal is an evaluation and exchange mechanism, ensuring organisations comply with VDA's Information Security Assessment (ISA) to improve supply chain security.
TISAX has achieved international acclaim and is trusted by automotive manufacturers and suppliers worldwide, with business giants like Audi, BMW, Mercedes-Benz, and Volkswagen embracing TISAX. TISAX aims to ensure consistent standards of IT security throughout the value chain. It relies on three assessment levels based on protection requirements: standard, high, and very high. TISAX extends the ISO 27001 standard by incorporating its controls and instructions for implementation, process assurance, and tool utilisation.
TISAX, on the other hand, distinguishes itself by emphasising the attainment of a specified maturity level to obtain the designation. Unlike ISO 27001, which requires a yearly audit, TISAX requires a single three-year review. Whereas ISO 27001 offers a certification, TISAX awards a distinguishing label based on satisfying the assessment objectives stated in the VDA assessment catalogue.
TISAX offers the simplified group assessment as an optional evaluation approach for businesses with multiple locations. Users can use the standard process or the simplified group assessment. If they choose the simplified group assessment, they must complete additional requirements. They register as a TISAX participant and describe the assessment goals. Then, TISAX audit providers request offers for a more straightforward group examination. The primary step is performing a precondition check to ensure the ISMS meets the requirements. If they pass, the assessment will proceed with reviews on the remaining sites based on their chosen assessment method.
TISAX is an information security assessment (ISA) catalogue, developed by the European automotive industry, based on key elements of information security such as data protection and connection to third parties.
In the sample-based assessment procedure, a representative sample of locations is chosen for evaluation. The rotating schedule-based evaluation procedure, on the other hand, ensures that every business falling under the established scope is evaluated over a set timeframe, usually three years. Both strategies attempt to assess and confirm adherence to TISAX standards but differ in how they choose and evaluate locations within an organisation.
To qualify for the simplified group assessment in TISAX, companies must have a centralized and well-developed Information Security Management System (ISMS). This means the primary location ensures compliance with ISMS regulations at all locations, with dependable communication channels and feedback matching expectations. The simplified group assessment entails a thorough ISMS check at the primary location, allowing for less intense checks at other sites. The assessment requires a minimum of three locations, preferably around twelve. For rotating-schedule-based evaluations, the total number of locations has a negligible effect on the effort necessary.
The cost of TISAX certification is EUR 405.00 per location in one scope. There is a discount of 10% per location for 5-9 locations within a scope and a discount of 20% per location for 10 or more locations within a scope. Before the final approval of any registration application for TISAX, payment of all fees, subject to German value-added tax (VAT), is required within 30 days of the invoice date.
The three assessment levels are:
- Level 1 involves completing a questionnaire
- Level 2 includes random phone checks
- Level 3 entails an on-site inspection for suppliers handling highly sensitive data
The TISAX assessment process consists of six steps:
Step 1. Classification - An OEM/client categorizes suppliers based on the criticality of the data they handle.
Step 2. Registration - Suppliers register with ENX, providing their scope number to initiate the assessment process.
Step 3. Assessment - An assessment is conducted according to the requested level of security. This assessment evaluates the supplier's information security measures.
Step 4. Report - The assessed company receives a comprehensive report from an approved auditor. This report highlights the findings and recommendations based on the assessment.
Step 5. Vulnerability Elimination - The assessed company takes necessary actions to address and resolve any identified vulnerabilities or weaknesses in its information security practices.
Step 6. Report Upload - The final step involves uploading the assessment report to the relevant platforms or systems, making it available for review and verification by OEMs/clients or other stakeholders.
In this way, TISAX ensures that suppliers meet the required information security standards and address any vulnerabilities to maintain the integrity and security of data exchanged within the automotive industry.
During the coronavirus pandemic, TISAX (Trusted Information Security Assessment Exchange) continued to play a crucial role in ensuring information security in the automotive industry. Despite the challenges posed by the pandemic, TISAX assessments and certifications remained essential for companies involved in the automotive supply chain.
Remote assessments and virtual audits were implemented to adapt to the dire situation. TISAX helped companies maintain trust in their suppliers and secure data during increased digital interactions, safeguarding information amidst the challenges of the pandemic.
We, a leading cybersecurity company based in India, demonstrated our prowess as a TISAX consultant when approached by an esteemed Automotive company in Pune, India. The client, recognizing the importance of achieving TISAX certification for their operations, sought our expertise to navigate the intricate process. As a TISAX implementation consultancy, we embarked on a systematic journey to guide the client through each crucial step towards obtaining the TISAX label certification.
The initial phase involved a comprehensive assessment of the client's existing cybersecurity infrastructure, identifying potential vulnerabilities, and aligning current practices with TISAX standards. We, armed with a team of seasoned TISAX auditors, meticulously examined the company's information security management system (ISMS) to ensure compliance with the stringent requirements laid out by TISAX.
Following the assessment, we collaborated closely with the client to develop and implement a customized roadmap for TISAX compliance. This involved introducing robust security measures, implementing secure data handling protocols, and integrating cutting-edge technologies to fortify the automotive company's cybersecurity posture. Throughout the process, we maintained a client-centric approach, tailoring solutions to the specific needs and challenges faced by the Automotive company in Pune.
As part of our TISAX implementation consultancy, we facilitated and guided the client through the TISAX audit. This meticulous process involved the scrutiny of the implemented measures by accredited TISAX auditors, ensuring that every aspect aligned with the stringent TISAX standards. We also actively participated in addressing any identified gaps and continuously refined the cybersecurity framework to meet the evolving TISAX criteria.
The culmination of this collaborative effort was the successful TISAX audit, resulting in the Automotive company in Pune achieving the coveted TISAX label certification. Valency Networks not only demonstrated its technical expertise but also showcased its commitment to enhancing cybersecurity in the automotive industry. This success story stands as a testament to the effectiveness of Valency Networks as a TISAX consultant and highlights its dedication to making businesses more resilient to cyber threats.
Valency Networks, a distinguished cybersecurity firm with a proven track record, played a pivotal role as a TISAX consultant for an esteemed Automotive parts manufacturer based in Aurangabad, India. Focused on achieving Assessment Level 3 (AL3) compliance, the client enlisted our expertise to navigate the intricate process of elevating their cybersecurity standards to meet the rigorous AL3 requirements.
The engagement kicked off with a thorough assessment conducted by us, wherein the existing cybersecurity infrastructure of the Automotive parts manufacturer was meticulously scrutinized. This initial phase, led by experienced TISAX auditors, aimed to identify potential vulnerabilities and gaps in the company's information security management system (ISMS). We ensured a comprehensive understanding of the client's unique challenges and objectives to tailor an effective strategy for AL3 implementation.
In collaboration with the client, we formulated a customized roadmap for achieving AL3 compliance, integrating advanced security measures and technologies into the existing framework. The TISAX implementation consultancy was marked by a strategic and methodical approach, ensuring that every facet of the Automotive parts manufacturer's cybersecurity aligns with the stringent AL3 standards.
As part of the AL3 implementation process, we actively guided the client through the TISAX audit, working closely with accredited auditors to validate the effectiveness of the implemented measures. The audit process, conducted with precision and attention to detail, was a collaborative effort to address any identified gaps promptly. We demonstrated our commitment to excellence by refining the cybersecurity framework iteratively, ensuring that the Automotive parts manufacturer in Aurangabad met the exacting AL3 criteria.
The successful outcome of this partnership was the attainment of AL3 compliance, solidifying the Automotive parts manufacturer's commitment to robust cybersecurity practices. We not only showcased our technical acumen as a TISAX consultant but also demonstrated a keen understanding of the specific challenges faced by the Automotive industry. This success story stands as a testament to our capability to elevate cybersecurity standards for businesses, particularly in the realm of Automotive parts manufacturing.