Automotive TISAX & ISO/IEC 27001:2022, Cybersecurity (ISO 21434)

TISAX & ISO/IEC 27001:2022, Cybersecurity (ISO 21434) - Consulting, Implementation and Coaching

Because of the criticality of Information Security, certification to (ISO/IEC 27001) has become one of the most important and sought-after certifications in the world.  Healthcare, Medical Devices, Aerospace, and Automotive organizations have recognized the urgent need to implement systems to protect their confidential information and Intellectual Property. The innovations realized in the past 30 years and the promises of the future all rest on information and digitalization. The almost daily news reports of companies’ Information Systems being hacked into, stolen, corrupted, and/or disseminated publicly puts every organization’s data at severe risk. Cybersecurity, one area of Information Security, is now mandatory for automotive organizations. Additionally, the US Government has mandated NIST 800-171 and NIST 800-53 for companies supporting the Department of Defense and will soon include civilian agencies. NIST standards and ISO 27001 standards can be integrated along with TISAX into one Information Security Management System. Additionally, Omnex believes the implementation must be in the context of an Integrated Management System addressing QMS, EMS, OHS, Social Responsibility, and Information Security.

An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s information security to achieve business objectives. It is based on a risk assessment and the organization’s risk acceptance levels designed to effectively treat and manage risks. An ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.

TISAX stands for Trusted Information Security Assessment Exchange, a mechanism for the exchange of testing information that is operated by the ENX Association. It is a scheme to prevent multiple Cybersecurity assessments between Customers, Suppliers, and parties doing business with each other. The assessment was developed by the Information Security working group of the German Association of the Automotive Industry (VDA1) has described the fundamental requirements for information security in the VDA ISA2 (Information Security Assessment) catalog that is used for security assessments within the automotive supply chain.

Omnex recommends Automotive companies implement TISAX and ISO 27001 - IT Security Management System. It is best not to implement it as a standalone management system but to integrate it into the processes of the organization. See Omnex's Integrated Management process.