The automotive industry has specific requirements. The frequency of information and data exchange in the entire area of operation is extremely high. The key issue in the external exchange of information is the protection of prototypes and ensuring security of communication with subcontractors and suppliers. In order to ensure proper protection of the processed data and information, in 2016 the VDA (the German Association of the Automotive Industry) introduced the TISAX certificate. Now it functions as a standard and plays a crucial role in IT services provided for the automotive sector and beyond.
What is TISAX and how does it differ from ISO 27001 in the Automotive Industry?
Starting with the basics, TISAX (Trusted Information Security Assessment Exchange) is a common assessment and exchange mechanism in the automotive and other industries. It is an inter-company test and exchange mechanism based on the VDA Information Security Assessment (ISA). TISAX certification has been developed under the guidance of the VDA to ensure a unified level of information security. It brings standardization, quality assurance and mutual recognition of audits.
VDA established its own information security team more than a decade ago. Driven by pragmatism, its work was based on existing, market-proven experience. ISO/IEC 27001 (Information Security Management System) was chosen as the foundation of the new proprietary standard, which was extended to include issues of particular importance to the automotive industry. Thus, an ISO/IEC 27001 certified organization, with little additional adaptation, is able to achieve high marks within the VDA-defined goals, and vice versa.
The VDA ISA survey on information security and supplier relations is directly related to ISO/IEC 27001, although the recommendations for the protection of prototypes and common classification of information slightly exceed the scope of ISO. So, is the TISAX standard worth going that extra mile in the automotive industry?
Why is TISAX Certification so beneficial for Automotive and Other Industries?
Adapting the organization to the standard defined by VDA ISA (which, as we already know, is slightly more than ISO/IEC 27001) results in several benefits. The first one is active management of the organization's risks and reduction of the potential for losses.
What is more, TISAX members mutually honor the ratings received and operate within the framework of an equal level of data protection, which reduces the nuisance of the other party's ongoing audits. TISAX certification provides for information security assessments by audit providers in accordance with VDA standards and helps avoid redundant audits.
The ultimate goal of each company is entering into new contracts, and in that case, the TISAX assessment proves the maturity of the organization and the effectiveness of the implemented information security management system. There are situations where the contractor is required to perform the assessment. Then, TISAX membership speeds up the signing of the contract and reduces the risk of losing it to certified competition.
The Future of the TISAX Standard looks bright
Within 10 years of the launch of the first information security working group by VDA, TISAX has become a standard in the automotive industry. In the last decade, the automotive industry has been putting more and more emphasis on the issue of information security, and there is no indication that anything is going to change.
Particular care is taken to protect prototypes and the details of technological processes. There is increasing pressure from major players in the market to certify against this type of standard. Piloted in May 2016, TISAX certification is experiencing a sharp increase in popularity, especially, though not only, among German automotive companies.
What is TISAX Compliance in terms of ICT Services?
As the TISAX standard is becoming more and more popular, the biggest providers of ICT services (including cloud providers) have already completed their assessments. Since receiving the certification in December 2020, Comarch has been among them. Although it is connected with ICT projects, the TISAX standard gives us much wider opportunities.
Because the TISAX certification is not limited to Comarch ICT but applies to every company branch located in Kraków, Poland, it makes all of Comarch's services reliable in terms of quality and safety. It means that not only do we care about keeping our clients’ assets safe, but we also provide them with other IT products and services that don’t compromise security.
This is why so many companies that are part of the automotive industry work with us. For example, we have run infrastructure standardization and harmonization for Thyssenkrupp Automotive Technology, implemented Comarch PowerCloud, an innovative, relatable infrastructure to host the Dealership Management System of the Renault Group, and provided IT outsourcing services for Valeo Germany.
What’s particularly important is that the TISAX standard can also be applied to other industries beyond automotive. This makes Comarch fully compliant with the rules regarding secure information exchange, data protection, data encryption, and more, regardless of the sector you’re coming from. If you’re interested in our ICT (information and communication technologies) services, you can read more about them here, or contact us by using this form.