Automotive News TISAX - VDA ISA (information security assessment)

Richard Regalado

Trusted Information Resource
#1
To help secure the ever-increasing connectivity in the automotive industry, the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA) developed a catalogue of criteria for assessing information security. The VDA Information Security Assessment (German and English) is based on the fundamentals of the international ISO/IEC 27001 and 27002 standards adapted to the automotive industry. In 2017, it was updated to cover controls for the use of cloud services.

VDA member companies used this instrument both for internal security assessments and for assessments of suppliers, service providers, and other partners that process sensitive information on their behalf. However, because these evaluations were handled individually by each company, it created a burden on partners and duplicated effort on the part of VDA members.

To help streamline evaluations, the VDA set up a common assessment and exchange mechanism, the Trusted Information Security Assessment Exchange (TISAX). The catalogue of underlying TISAX requirements, Questionnaire for Checking Information Security Assessment and Information Security Management, Vers. 4 (German and English), provides common standards for IT security measures, and enables companies registered in TISAX to share assessment results. The VDA entrusted a neutral third party, the ENX Association, with TISAX implementation. In that capacity, it accredits audit providers (auditors), maintains the accreditation criteria and assessment requirements, and monitors the quality of implementation and assessment results.

This link contains information from the VDA site including the VDA ISA assessment tool.
VDA
 

Richard Regalado

Trusted Information Resource
#3
> Is a TISAX assessment conducted by certified auditors similar to an ISO/IEC 27001 audit?
There is a TISAX checklist that is used and a maturity level is used instead of the usual binary - conformity or nonconformity for ISO/IEC 27001 audits. Auditors also need to show competency in IATF 16949.
 
#4
Thank you for your support.
Could you provide me with information on how to build a good list of assets? Should every piece of information (documents), software and hardware be included in the list? I'm struggling with a very big amount of data.
 

Richard Regalado

Trusted Information Resource
#5
> Thank you for your support.
> Could you provide me with information on how to build a good list of assets? Should every piece of information (documents), software and hardware be included in the list? I'm struggling with a very big amount of data.

Sorry for the late reply, Akinom.

Before I answer, may I know why you are building a list of assets?
It's not a requirement of ISMS.

Richard
 
#6
> Sorry for the late reply, Akinom.
>
> Before I answer, may I know why you are building a list of assets?
> It's not a requirement of ISMS.
>
> Richard

It is required by VDA ISA in control 8.1 (To what extent are inventories existent for objects (assets) that contain information in different versions?).
Isn't it?
 
#8
Hello
I was looking for the requirements specified by ENX to "qualify" a 3rd party TISAX auditor.
Can anybody kindly send me a reference link where I can understand them?
Thank you
Ugo
 