GR 115 - Implementation of TISAX® (Trusted Information Security Assessment Exchange)
Description
TISAX® was developed by the members of the VDA e.V. (German Association of the Automotive Industry). TISAX® certification is required by many automotive suppliers.
The TISAX® standard supports the identification and mitigation of digital risks and ensures rapid remediation of information security incidents. This includes security data in the project development phases for parts and systems, as well as manufacturing process and automated networked production data. TISAX® is complementary to the ISO 27001 standard.
Participants will gain comprehensive knowledge of the key steps, considerations, and best practices of a successful implementation.
Since 2017, any company working for customers in the automotive industry can be required to submit a TISAX® approval in accordance with VDA-ISA. Suppliers and service providers in the industry need the TISAX® Label in order to continue to receive orders and avoid the threat of delisting.
Secure your advantage over your competitors and join us on the path to your TISAX®.
Topics
1. Introduction to TISAX Implementation
2. Preparing for TISAX Implementation
3. Establishing Information Security Management System (ISMS)
4. Documentation and Evidence Gathering
5. Third-Party Engagement and Assessors
6. Preparing for the Assessment
7. Assessment Process
8. Assessment Report and Findings
9. Continuous Improvement
10. Case Studies and Practical Examples
11. Q&A Session
12. Conclusion
Aim
To equip participants with the knowledge and practical insights required to successfully implement TISAX within their organizations. Participants will learn about the key steps, considerations, and best practices for effective TISAX implementation.
Content
1. Introduction to TISAX Implementation
A. Recap of TISAX Basics
B. Importance of Implementation
2. Preparing for TISAX Implementation
A. Understanding Organizational Readiness
1. Identifying Stakeholders
2. Creating an Implementation Team
B. Scoping the Implementation Project
1. Defining Assessment Scope
2. Identifying Key Information Assets and Processes
C. Gap Analysis
1. Assessing Current Information Security Practices
2. Identifying Gaps and Non-Conformities
3. Establishing Information Security Management System (ISMS)
A. Introduction to ISMS
B. ISO 27001 Standard and TISAX
C. Steps to Establish an ISMS
1. Policy Development
2. Risk Assessment and Treatment
3. Controls Implementation
4. Performance Monitoring and Improvement
4. Documentation and Evidence Gathering
A. Documenting ISMS Elements
1. Policies and Procedures
2. Risk Assessment Reports
3. Incident Management Processes
5. Third-Party Engagement and Assessors
A. Selecting Third-Party Assessors
B. Clarifying Assessment Expectations
C. Providing Access to Documentation and Personnel
6. Preparing for the Assessment
A. Mock Assessment and Readiness Check
B. Ensuring Assessors' Access to Required Information
C. Addressing Any Last-Minute Gaps
7. Assessment Process
A. Assessment Scenarios (On-Site or Remote)
B. Cooperation with Assessors
C. Evidence Presentation and Clarification
8. Assessment Report and Findings
A. Understanding Assessment Classification (e.g., Level 1, Level 2)
B. Reviewing and Responding to Assessment Report
C. Corrective Action Planning
9. Continuous Improvement
A. Post-Assessment Review
B. Incorporating Feedback into ISMS
C. Ongoing Monitoring and Maintenance
10. Case Studies and Practical Examples
A. Real-world Implementations and Challenges
B. Success Stories and Lessons Learned
11. Q&A Session
A. Addressing Participants' Implementation-related Questions
B. Sharing Best Practices and Insights
12. Conclusion
A. Summarizing Key Implementation Steps
B. Encouraging Participants to Take Action
Prerequisites for participation
Participants should already have knowledge of ISO 9001 and/or ISO 27001. The training is aimed in particular at project managers for the development of new parts, information security managers, data protection officers, quality managers for management systems and internal auditors for integrated management systems.
Target audience
The training is aimed at CEOs, CIOs, CISOs, managers, information security officers, quality managers, and anyone who needs to better understand and/or implement automotive industry information security requirements.
Qualification Certificate
After passing the exam, you will receive a certificate of TISAX® Implementation.
Duration
3 days
Important Advice
TISAX® is a registered trademark of the ENX Association.