Industry Technology and Communications
Solution Type TISAX Accredited Audit Provider
Needs As a service provider for the automotive industry that handles sensitive information, the client pursued a Trusted Information Security Assessment Exchange (TISAX) assessment, in accordance with the VDA ISA catalog. They needed to be assessed by an accredited auditor that could verify that their information security management system aligned with industry-set standards.
Every TISAX participant has the opportunity to choose an accredited audit provider to run an assessment that is recognized by the European Network Exchange (ENX) Association. The ENX Association is a governing body that monitors the quality and completeness of these assessment results.
The results of this audit are shared with customers and the industry as a whole to validate information security requirements and establish overall credibility. These accredited audit providers perform their assessments based on information security management controls under the VDA ISA.
TÜV Rheinland i-sec GmbH is one of a few accredited firms that can perform TISAX assessments all over the globe. Based on a framework of Accreditation Criteria and Assessment Requirements (ENX TISAX ACAR), TUV Rheinland OpenSky achieved specific milestones to gain this recognition.
To meet the client’s requirements, our team of assessors focused on twenty-four (24) locations associated with their Cloud and G-Suite platforms. A simplified group assessment approach was used to conduct assessments of twenty-four (24) data centers and office locations across the globe. Self-assessments, or Assessment Level 1 (AL1), were performed for all locations in scope. TÜV Rheinland i-sec GmbH provided guidance to the client on the submission of responses and reviewed all self-assessments. TUV also performed remote, AL2 assessments for four (4) of their locations as well as one (1) on-site, AL3 assessment at their corporate headquarters.TÜV Rheinland i-sec GmbH’s overarching TISAX assessment process involves:
- Definition of the assessment objective and scope
- Registration at the ENX site by the participant
- Assessment of client’s information security management system and controls for in-scope locations
- Exposition of the findings for customer review
- Removal of findings based on customer input
- Initial Assessment Report that is made final and provided to the client
- ENX submission of assessment findings (conformities and non-conformities)
About TISAX: TISAX is a global inspection standard recognized beyond the individual customer, throughout the automotive industry. TISAX was established by the German Association of the Automotive Industry (VDA) and is governed by the European Network Exchange (ENX), which is an association of 15 companies within the European automotive industry. By achieving a TISAX High Assessment, organizations can share assessment results with existing and potential partners. These companies can also deliver assurance to build secure applications and services. See our TISAX services.
At the end of the day
- Verify that all 24 data centers worldwide satisfy security requirements as defined by VDA ISA
- Cut down on the number of tests they will need to conduct
- Simplify the renewal of supplier relationships
- Demonstrate to partners and clients that they have obtained a TISAX label based on their assessment objectives