GR 113 - Fundamentals of TISAX® (Trusted Information Security Assessment Exchange)
Description
TISAX® was developed by the members of the VDA e.V. (German Association of the Automotive Industry). TISAX® certification is required by many automotive suppliers.
The TISAX® standard supports the identification and mitigation of digital risks and ensures rapid remediation of information security incidents. This includes security data in the project development phases for parts and systems, as well as manufacturing process and automated networked production data. TISAX® is complementary to the ISO 27001 standard.
Participants will gain a comprehensive overview of the standard's requirements and learn how to use specific risk management tools.
Since 2017, any company working for customers in the automotive industry can be required to submit a TISAX® approval in accordance with VDA-ISA. Suppliers and service providers in the industry need the TISAX Label in order to continue to receive orders and avoid the threat of delisting.
Secure your competitive advantage and join us on the path to your TISAX®.
Topics
1. Introduction to TISAX
2. TISAX Basic Requirements
3. TISAX Assessment Process
4. Benefits of TISAX
5. TISAX and Data Protection (GDPR)
Aim
To provide participants with a comprehensive understanding of the basic requirements of TISAX, enabling them to comprehend the framework's key elements, benefits, and relevance to information security in the automotive industry.
Content
Through this education/training you will learn...
1. Introduction to TISAX
A. Definition and Purpose
B. Importance in the Automotive Industry
C. Framework Overview
2. TISAX Basic Requirements
A. Information Security Management System (ISMS)
1. Explanation of ISMS
2. ISO 27001 Standard
3. TISAX Compliance Levels
B. Scope Definition and Assessment Scope
1. Defining Scope for Assessment
2. Inclusion and Exclusion Criteria
C. Assessment Types
1. Self-Assessment
2. Third-Party Assessment
3. Common Assessment Framework (CAF)
3. TISAX Assessment Process
A. Initiating an Assessment
1. Assessment Request
2. Participant Registration on ENX Portal
B. Preparing for Assessment
1. Selecting Assessment Scope and Assessment Scope Elements
2. Gathering Relevant Documentation
3. Identifying Contact Persons and Roles
C. Assessment Execution
1. Third-Party Assessors and Their Role
2. On-Site and Remote Assessments
3. Assessment Criteria and Evidence Evaluation
D. Assessment Reporting
1. Assessment Result Classification (e.g., Level 1, Level 2)
2. Assessment Report and Findings
E. Corrective Actions and Remediation
1. Addressing Identified Gaps and Non-Conformities
2. Timeline for Remediation
4. Benefits of TISAX
A. Enhanced Information Security
B. Building Trust in the Automotive Supply Chain
C. International Recognition and Acceptance
5. TISAX and Data Protection (GDPR)
A. Data Protection and Privacy Considerations
B. Alignment with GDPR Principles
6. Q&A Session
A. Addressing Participants' Questions and Concerns
B. Clarifications on TISAX Requirements
7. Conclusion
A. Summary of Key Takeaways
B. Encouraging Participants to Explore Further Resources
Prerequisites for participation
Participants should already have knowledge of ISO 9001 and/or ISO 27001. The training is aimed in particular at project managers for the development of new parts, information security managers, data protection officers, quality managers for management systems and internal auditors for integrated management systems.
Target audience
The target group of this training includes all specialists and managers who would like to gain knowledge of TISAX® (Trusted Information Security Assessment Exchange) assessment.
This course is also well suited to those who wish to lead audits of an ISMS in accordance with TISAX® (either as a 2nd-party or 3rd-party auditor).
Qualification Certificate
After passing the exam you will receive a certificate of TISAX® foundation.
Duration
2 days
Important Advice
TISAX® is a registered trademark of the ENX Association.