2. Why a separate standard of the automotive industry?
In the automotive industry, special requirements are placed on IT security and information security risk management, as there are many different parties involved in vehicle manufacturing and these are closely networked via their interfaces. For a binding standard, the VDA's Information Security Working Group has created a catalogue based on the international standard ISO/IEC 27001 and thus developed a standard for IT security in the automotive industry.
1. What is behind the term TISAX?
TISAX® means Trusted Information Security Assessment Exchange. TISAX® is a standard for information security defined by the automotive industry, behind which the VDA ISA questionnaire can be found.
3. Where can I get the current VDA ISA catalogue?
The VDA ISA questionnaire can be downloaded from the VDA website . The EXCEL questionnaire can be found under https://www.vda.de/de/services/Publikationen/vda-isa-katalog-version-5.0.html
4. Which external body checks companies for the TISAX standard?
External accredited testing bodies carry out the TISAX® audit according to VDA ISA, the testing service providers can be found on the ENX homepage. https://portal.enx.com/en-us/TISAX/xap/?country=EN
5. Which processes are affected by TISAX?
TISAX refers to the procedures and processes in the company with security relevance. This includes the areas of IT security with data protection, communication with external interfaces, prototype protection, IT emergency plans for data breaches, personnel recruitment and termination. The area of supplier development purchasing is also affected, where critical information in the supply chain must be secured via effective information security management system.
6. When does a TISAX audit have to be commissioned?
A TISAX audit is a voluntary commitment, which is commissioned by the organization itself.
7. Who is the ENX Association?
The ENX Association is established to protect the rights and obligations of participants, within its mandate the ENX accredits testing service providers and ensures the quality of the implementation of TISAX Assessment.
8. Where can I find further information about TISAX or registration?
A comprehensive manual from the ENX association is available for download.