TISAX - Information Security in the Automotive Industry
Universal recognition through mutual acceptance of joint assessments and exchange
What is TISAX
So far, information security in the automotive industry has been strongly influenced by individual approaches – that is about to change. Service providers and suppliers must regularly prove to their customers that they meet the high security requirements for data provided. So far, such assessments have been carried out mainly by the manufacturers themselves, which in the past repeatedly led to unnecessary multiplication. With TISAX (Trusted Information Security Assessment Exchange), there will be a joint assessment and exchange procedure in the future.
Are you a supplier or service provider for the automotive industry? If so, you need only one thing to assure customers that you are keeping their information secure – participation in the TISAX Exchange. All it takes is one assessment every 3 years.
The advantages of TISAX
- Cross-company recognition of the assessment results among all TISAX participants
- Greater confidence in certified service providers and suppliers
- Avoids the need for multiple checks
- Fewer misunderstandings due to the harmonized VDA-ISA test catalog
- Mutual recognition in the TISAX network saves time and cost
- Only one TISAX assessment every three years
How it works - Becoming a participant
Access to TISAX is via a subscriber registration, which takes place online on the TISAX portal. Registration is the prerequisite for being able to select a TISAX accredited audit service provider. Registered participants will receive a list of accredited providers from which they can freely choose. An organization may also register several locations and have a group assessment carried out. After an assessment by DQS based on VDA-ISA, information can be provided or obtained in TISAX.
Who is behind TISAX?
TISAX uses the ISA questionnaire compiled by the German Automotive Industry Association VDA based on essential aspects of ISO / IEC 27001. Recently, the VDA developed this into a common assessment and exchange procedure called TISAX, which is operated by ENX, an association of European car manufacturers, suppliers and associations.
The process starts with the client’s needs and expectations. DQS wants to learn about the client’s organization, its management system, size and types of operation. Together both parties will define objectives for the assessment and/or certification, including applicable standards and specifications.
DQS will provide a detailed offer for assessment and certification services, tailored to individual client needs, based on the information provided initially. A written contract will specify all relevant deliverables as well as applicable assessment and certification criteria.
A pre-audit can serve as initial performance or gap analysis, identifying strengths and areas for improvement. For larger assessment and certification projects a project planning meeting provides a valuable opportunity for the client to meet the lead assessor and develop a customized assessment plan for all functions and locations involved. Both services are optional.
The assessment procedure itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. During this process, it will be determined whether the client’s management system is sufficiently developed and ready for certification. The assessor will explain findings and coordinate any required activities to prepare for the on-site system assessment.
The assigned auditor team will audit the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the assessment team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, inspections, interviews, review of pertinent records, and other assessment techniques. The audit result, including all findings will be presented to the client during the closing meeting. Required action plans will be agreed upon as necessary.
The independent certification function of DQS will evaluate the audit process and its results, and decide independently about issuance of the certificate. The client receives an audit report, documenting the audit results. When all applicable requirements are fulfilled the client also receives the certificate.
Either semi-annually or at least once per year, there will be an on-site audit of the critical components of the management system. Improvement potential will be identified, with a focus on continual improvement and sustained effectiveness.
A management system certificate is valid for a limited period of time, frequently for a maximum of three years. At the end of this cycle, a re-audit will be carried out to ensure the ongoing fulfillment of all applicable requirements. Subject to this fulfillment, a new certificate will be issued.
DQS is one of the leading Management System Certification, Audits, Assessment & Training organization globally.
Truly Global Brand
Expert Auditors with High Emotional Intelligence
Local Capabilities & Delivery
Customized, Comprehensive & Actionable Insights
Pioneering Innovative Solutions
Passion for Quality & Excellence
Integrity & Trust
Want to Know more?
Ph: (080) 6661-6565 | +91 924 320 3043 | E: Sales.Support@dqs-india.in