TISAX stands for Trusted Information Security Assessment Exchange), it comprises an information security standard for the automotive industry.
It consists of requirements from VDA-ISA (Verband der Automobilindustrie Information Security Assessment. The latest version is 5.1, and can be downloaded here.
TISAX is relevant for all organizations (developing technology used) in the automotive industry
The VDA-ISA requirements can be divided into three categories:
- Information security (34 controls)
- Prototype protection (22 controls)
- Data protection (4 controls)
For each control, there are “must have” and “should have” requirements, in some cases extended with additional requirements for (very) high protection needs (as indicated by the client).
ISO 27001 with TISAX?
Rather than looking at it as a whole new set of requirements, it is recommended to utilize the synergy with ISO 27001, as both frameworks cover the same ground. And, depending on the auditing firm you are contracting, the audits could even be combined!
The VDA-ISA checklist provides a mapping to the ISO 27001 (2013) controls, so you can compare the VDA-ISA requirement with the implementation of the ISO control, making modifications only when necessary.
From VDA-ISA version 5, all controls need to be implemented with maturity level 3 (Established). When an organization has achieved ISO 27001 certification, they should already have achieved a maturity level of 4 (Predictable).