Automotive Industry

TISAX

The Best Way to Secure Your Business in the Automotive Industry.


TISAX, or Trusted Information Security Assessment Exchange, is a security standard developed by the German Association of the Automotive Industry (VDA). The standard is designed to help organisations in the automotive industry assess and improve their information security posture.


TISAX is becoming increasingly important for organisations in the automotive industry. Many automotive manufacturers are now requiring their suppliers to be TISAX certified.

Certification demonstrates to Original Equipment Manufacturers (OEMs) that a supplier has robust security measures in place to protect sensitive information like design prototypes, manufacturing data, and potentially personal customer data. This builds trust and opens doors to lucrative contracts within the automotive sector.

Additionally, TISAX certification often streamlines the security assessment process for suppliers, as they can share their trusted TISAX label on a shared exchange platform, saving time and resources for all involved.


Our Solutions

Accelerate Your TISAX Certification and Unlock Automotive Opportunities

TISAX (Trusted Information Security Assessment Exchange) and ISO 27001 have a very close relationship.

TISAX was originally derived from ISO 27001, specifically tailored to address the information security needs of the automotive industry. A large portion of its requirements are directly based on ISO 27001's Annex A controls.

TISAX goes beyond ISO 27001 by incorporating industry-specific security requirements highly relevant to the automotive supply chain, such as:

Protection of prototypes and sensitive product information

Secure handling of third-party connections

Physical security considerations for production facilities

While built upon the ISO 27001 foundation, TISAX and ISO 27001 are separate standards. Certification or audits in one do not automatically apply to the other.

Companies can benefit from implementing both. An ISO 27001-certified organisation has a strong head start for TISAX compliance, as there's significant overlap in requirements.

Overall, TISAX introduces a higher level of prescriptiveness to ensure consistent and robust security practices throughout the automotive supply chain.

OCM can support your TISAX certification by:

Gap Analysis and Remediation: Conduct an initial assessment against the TISAX VDA ISA questionnaire to identify gaps between existing security practices and the standard.

---

Remediation Roadmap: Develop a detailed plan to address the identified gaps, prioritising critical areas and aligning with the required TISAX assessment level.

---

Security Control Implementation: Assist in implementing or strengthening necessary technical and organisational controls, such as:

Network security (firewalls, intrusion detection)

Endpoint protection (antivirus, malware protection)

Access control and identity management

Data encryption and protection

Incident response planning

Security awareness training for employees

Policy and Documentation Development:

---

ISMS Development: Help establish or refine the company's Information Security Management System (ISMS) in line with TISAX and ISO 27001 principles.

---

Policy Creation: Develop essential security policies and procedures (e.g., information classification, access control, incident response, change management).

---

Documentation Support: Assist with the creation and organisation of all required documentation for the TISAX audit.

---

Audit Preparation and Support:

---

Pre-Audit Review: Perform a mock audit or internal review to simulate the TISAX assessment process, identifying any potential non-conformities.

---

Remediation Guidance: Provide assistance in addressing any findings from the pre-audit review.

---

Audit Liaison: Act as a point of contact with the audit provider, facilitating communication and clarifying requirements.

---

Vulnerability Management: Implement regular vulnerability scanning and patch management processes to maintain security posture.

---

Security Awareness: Maintain ongoing security awareness training programs for employees.

---

ISMS Review and Updates: Help conduct periodic reviews and updates of the ISMS to address evolving threats and maintain TISAX compliance.

Win automotive contracts with confidence. Achieve TISAX with our help.
