ISO 27001 Implementation in the Automotive Industry

AnnaW

#1
Do any of you know about ISO 27001 implementation in the automotive industry? Do any of the OEMs talk about it? Please help!
 
#2
Re: 27001 in automotive ?

Do any of you know about ISO 27001 implementation in the automotive industry? Do any of the OEMs talk about it? Please help!
The main drivers of ISO 27001 in the USA are government and financial industries, with some coming from military OEMs. Nothing yet from Automotive. How would it apply to car makers and their suppliers?
 
AnnaW

#3
Re: 27001 in automotive ?

You're right; in Poland, too, the main areas of ISO 27001 are government and financial industries, also IT, but more and more are going into other industries.
Currently I am trying to put the requirements of 27001 into the automotive sector - mainly into development/design centers (prototypes) - and I am trying to find the "weak" points in project management. Look how much valuable information is coming from the customer, new ideas, new designs etc., which could give (and I am sure they are!) great opportunities to be first for others.
So, I don't think that it could be an OEM requirement, but maybe this is a good point to be more competitive and authoritative on the market.
What do you think..?
 
#4
Re: 27001 in automotive ?

You're right; in Poland, too, the main areas of ISO 27001 are government and financial industries, also IT, but more and more are going into other industries.
Currently I am trying to put the requirements of 27001 into the automotive sector - mainly into development/design centers (prototypes) - and I am trying to find the "weak" points in project management. Look how much valuable information is coming from the customer, new ideas, new designs etc., which could give (and I am sure they are!) great opportunities to be first for others.
So, I don't think that it could be an OEM requirement, but maybe this is a good point to be more competitive and authoritative on the market.
What do you think..?
I don't see a 'driver' for an information security management system here. Apart from a general recognition of the application of an ISMS, it's not very high on the 'risk' ladder, really, is it? Not like it is with other sectors of business. Good luck if you can get something going, but I believe there are bigger fish to fry in different markets.
 
AnnaW

#5
Thanks for your opinion.
Anyhow, from my point of view it is only a question of time before customers start to ask not only for environmental protection (14001) and employee safety (18001) but also for information security. That's why I think it's worth doing something now.
The project has just begun, so I realize that it may bring some difficulties, new information, new interpretations of some requirements. Let's see..
 
tigerfan51

#6
Re: 27001 in automotive ?

When ISO 27001 first came out many of my audit colleagues and I assumed that it would likely only affect banks, credit card companies, hospitals, etc. But the more we thought about it and discussed info security with our automotive clients, we came to realize it is profoundly relevant to the auto industry. Many of my automotive supplier clients have design, financial, production, personal and scheduling information that is very sensitive. They certainly don't want proprietary design info getting into the wrong hands - many suppliers have considerable information about their customer's processes and products that needs to be protected.
A couple of years ago one of my automotive clients had a denial of service attack right after I mentioned ISO 27001 in an opening EMS audit meeting. They lost all communications with one of their major customers for several days due to the actions of a disgruntled former employee who apparently still had access to their systems.

I believe Toyota is starting to survey their suppliers regarding info security, so I think we will soon see more info security requirements in North America. Right now ISO 27001 is very big in Japan - see the latest ISO survey statistics.
 
AnnaW

#7
:) Thank you for your opinion on this subject.
As you mentioned, Toyota has already started on this subject; let's see what happens next..
As the project will be completed and implemented in one company (already chosen), I will share my experience with you.
Regards
Anna
 

Richard Regalado

Trusted Information Resource
#8
Toyota and Japanese companies are "hot" on ISO 27001 because there is a government mandate for companies handling information on Japanese citizens to have an information security management system. Not exactly mentioning ISO 27001 but how many ISMS standards are out there?

Last year, I assisted a Construction design firm (Chiyoda Philippines Inc.) in securing their ISO 27001 certification. Why? Because their head office in Japan required them in alignment with the government mandate and due to the nature of the information they're producing (refinery and pipeline designs).

Automotive industry? Why not? As long as there is information to protect, ISO 27001 is very much valid.
 
Sushil Kumar

#9
Dear Friends,
You are right that presently it is not a mandatory standard. But I found it very effective in my company. I am engaged with an auto supplier. I was upset with our IT services, as those were not covered under our other systems. When I came to know about this standard, I applied for the standard on my own, as consultants were asking a heavy amount in fees because it was new to India. After certification, our IT dept improved a lot and we applied many controls against threats. In today's scenario, most of the data is kept in soft form, which must be protected. Our external customers appreciate this achievement a lot. I think for self-satisfaction, this standard is a good one.
 
#10
I am in the process of implementing ISO27K in our organization, which is a tier 1 supplier, as Toyota, VW and BMW have requested. We are at this stage compliant but not accredited at the moment.
 