We secure information
An ISO 27001 or TISAX® certification is sometimes requested, but rarely is it presented by any company of its own free will. We have been required by customers in the automotive industry to certify abat AG according to ISO 27001 & TISAX®.
Since its founding, abat has pursued the philosophy of "New Work" and does so with a flat organizational structure. When we were asked to certify, we were very concerned that the path to certification could negatively impact our business. However, throughout the process we have found that successful certification is possible without sacrificing any fundamental principles.
To be well prepared for the time before, during and after a certification process, abat AG offers you information security consulting services and supports you in protecting your and your customers' values.
ISO 27001 is the international standard for information security management systems (ISMS). More and more frequently, clients are asking their suppliers for an ISO 27001-certified system. In addition, the new rules of the GDPR require a functioning ISMS (Article 32).
TISAX® (Trusted Information Security Assessment Exchange) is a brand of the ENX Association and the automotive information security standard. Through this certification, service providers and suppliers demonstrate to their customers that they meet the high security requirements for the provided information. TISAX® is based on ISO 27001, but in many places it concentrates on specific requirements of the automotive industry. Even now, OEMs often require a valid TISAX® certificate as a condition of collaboration. As abat AG is independent of the ENX Association, we do not make checks in accordance with TISAX® while consulting. An accredited examiner must therefore be commissioned by you.
We provide services that pave the way to a successful certification:
We accompany you during all phases of your ISMS implementation project: from the planning and setting up of the project, through the preparation of the central documents such as risk analysis, SOA, policies and guidelines, right up to the internal audit and shortly before the certification audit. You define where you need support. In addition, our consultants are well versed in the topics of "New Work" and agile corporate management and are here to assist you with the special features of a certification.
What does it mean to establish a management system? How do you build a risk analysis? How do you involve the IT? In which order do you construct the components of the ISMS? How can measures be implemented and monitored effectively? In an initial workshop you will learn the practical procedures to introduce an ISMS. In the process, we jointly develop work packages that you can then implement by yourself.
Support of the Information Security Officer (ISB) during the implementation
You have taken over the role of ISB? We increase your knowledge by answering your questions regarding the roles and responsibilities of the ISB. Examples: How to understand the ISO 27001 or TISAX® requirements. What do you really have to do? Which measures are effective? We inform you, bringing light into the dark, and present you with concrete proposals to get you safely to your destination.
Awareness of senior management
Whether ISO 27001 or TISAX® - the customer's requirement for certification has a major impact on your business. And at the beginning there may be skepticism among some decision makers in your company. In your interest, we raise awareness among these crucial individuals through examples from the field.
TISAX® self-assessment (VDA-ISA)
A TISAX® certification begins with registration with the ENX Association, the selection of a testing service provider and the preparation of the self-assessment according to the VDA. Within this self-report, assigning a correct maturity level (level 1-5) is not easy for any TISAX® request. Our consultants support you by clarifying the questions on requirements and by assisting you during the completion of the questionnaire.
Do you need an inventory of your current situation or would you like to make sure that you have met all the important requirements before the certification audit? Our consultants work as certified auditors themselves and can therefore judge the maturity of your ISMS. The scope of the Readiness Check can be defined by you.
ISMS project management
Do you run your ISMS project on your own and just want help with project management? This is demanding work that requires the right person. We are convinced that running an ISMS project also requires a high level of expertise. Our ISMS consultants support you in project management, according to both classic and agile methods.
From training the ISMS project team, to training the prospective ISB, to providing information security training for your employees - we provide you assistance in all areas of a project.
Would you like to outsource your supplier audits? Based on your goals and the audit program, we take over the auditing of your suppliers - on-site or remotely on request. In the end, you will receive a meaningful audit report as a result.
External Information Security Officer
Our experienced and certified experts take over all relevant functions of an ISB. You benefit from our experience and efficient methods. Ideally, we would support you during the implementation phase and design the ISMS together with you.