Why should you implement an ISMS according to TISAX®?
In order to ensure that data, prototypes and subcontractors are handled with care and that a high level of security is maintained in the exchange of information across company boundaries, the German Association of the Automotive Industry (VDA) has developed a questionnaire based on ISO 27001, which focuses on information security, but also specifies the special requirements of the automotive industry in many areas. This questionnaire serves as the basis for the self-assessment and must be completed by the service provider or supplier before the test. Since 2017, a common testing and exchange mechanism has been established for tests of this kind in the form of TISAX®, the Trusted Information Security Assessment Exchange. Through assessments and the achievement of a TISAX® label, service providers and suppliers demonstrate to their customers that they meet the high security requirements for information provided. OEMs already frequently require the TISAX® label for information security "high" or "very high" as a condition for cooperation.
How does abat support you with the implementation?
We answer your questions about the requirements, support you in completing the questionnaire and help you assign the correct maturity level (level 1-5). In addition, we accompany you in the introduction of an information security management system in accordance with TISAX® or, if you wish, assist you in only a few areas, for example in checking the requirements for physical access, system access and data access, handling data backup and patch management, and performing risk analyses, employee training for security awareness or prototype protection. Basically, we help you to establish processes, define roles (e.g. the IT security officer or information security officer) and create the necessary documentation.
Why do you need an information security officer?
Building an ISMS is not a temporary solution; the system is operated as a continuous process via a Plan-Do-Check-Act (PDCA) cycle. This task is the responsibility of the information security officer. In general, our advice on introducing an ISMS in accordance with TISAX® ends at the point where you can operate your ISMS independently. If you cannot manage the workload involved in operating an ISMS, you can also hire us as an external Information Security Officer.
Why should you choose abat?
Almost no company carries out a TISAX® assessment on its own initiative. To ensure that you are well prepared for the time before, during and after the certification or testing process, abat offers you consulting services in this area. Our consultants have completed training as TISAX® VDA / ISA Lead Implementer & Lead Auditor. Years of experience and regular advanced training in this area ensure that we are guided by current standards. Our goal is to support you in setting up an ISMS in accordance with TISAX® and to prepare you optimally for a certification.
How do you get a TISAX® label?
Please note that abat can support you with the implementation of an information security management system as well as with the audit process. The final audit according to TISAX® may only be carried out by a test service provider recognized by the ENX Association. All recognized test service providers are listed on the exchange platform of the ENX Association. If required, the results can be made available to the automobile manufacturers via this exchange platform.
Free initial consultation to analyze your needs
During the first consultation, you define your initial situation and we clarify the first questions. This appointment is free of charge and non-binding for you.