TISAX certification - for security in the automotive industry
Information security is the purpose behind the Trusted Information Security Assessment Exchange, or TISAX for short. It is a standard used in the automotive industry to ensure the protection of information. Through the TISAX certification, the German Association of the Automotive Industry (VDA) is also doing everything it can to ensure the necessary security in the automotive sector. After all, advancing digitalization, online networking and various cloud applications have significantly increased the opportunities for cyber attacks.
What HITGuard does for TISAX
HITGuard GRC maps the TISAX standard in a knowledge database and thus enables a TISAX self-assessment to be carried out. This makes it possible to see how well companies are already positioned in this area. The tool and the knowledge database show the key areas of action in preparation for TISAX certification and ensure that companies can implement the highest security standards. With HITGuard, companies are well advised when preparing for audits.
Who TISAX applies to
The TISAX certification affects external suppliers and service providers in every industry who often process sensitive information from their clients. As manufacturers often closely involve their suppliers in production development, data security should be particularly high. For this reason, clients require suppliers to provide proof that these requirements are met. The new standard is therefore becoming an increasingly important component in the automotive industry.
TISAX vs. ISO 27001 - what are the differences?
Although TISAX certification is similar to ISO 27001, TISAX specializes even more in the security requirements of the automotive industry. Among other things, the company's partners are included in its own IT area. Data protection is a major topic, as is prototype protection. Furthermore, the two standards differ in terms of scope, testing process and maturity level.
Scope of application
The sections of a company that are checked during certification are defined in the scope. Unlike ISO 27001, where the company determines the scope itself, TISAX defines a standard scope. With TISAX certification, it should be noted that all employees who work with sensitive data are included in the scope.
Maturity level
TISAX certification is based on the measures defined in ISO 27001. The significant difference is that all processes must have at least maturity level 3 (established) for successful certification.
Test process
The company's self-assessment is a key issue for both TISAX and ISO 27001.
TISAX distinguishes between 3 certification levels in terms of protection requirements. Level 1 is intended for normal protection requirements, Level 2 for high protection requirements and Level 3 for very high protection requirements. In principle, the company itself decides which certification level it chooses. However, many manufacturers require a certain level for cooperation.
HITGuard supports the assessment process for TISAX certification
Regardless of the certification level, a complete self-assessment based on the VDA-ISA catalog must be carried out as part of the certification process. HITGuard contains this catalog and can thus provide significant support with the self-assessment. The answers are documented and can be submitted as a report at the touch of a button.
For TISAX levels 2 and 3, additional plausibility and completeness checks by an external auditor are required. A strict time frame must be adhered to here: After the initial audit, you have nine months to rectify all deviations identified during the audit process.
HITGuard supports you in eliminating deviations: you create measures for the deviations found and monitor their implementation in the tool. By means of recurring checks, you can ensure that, for example, guidelines are adhered to or potential weak points are checked.
This allows you to document proof that the weak points have been rectified. At the touch of a button, you can view this information or export it in the form of a report.
If all requirements are met, the company receives TISAX certification. It is valid for three years and no surveillance audits take place during this time.
Where, among other things, HITGuard is already proving its worth
Construction industry
approx. 20,000 employees
Auditor
approx. 700 employees
Health service
approx. 18,000 employees
IT Security Solutions
approx. 100 employees
Software House
approx. 400 employees
Event Management
approx. 500 employees
Hospital Operators
approx. 1,600 employees
approx. 6,000 employees
IT Service Providers
approx. 40 employees
Is your industry not listed? Do you need more information? We would be happy to put together individual reference examples for you – please contact us.