GR 114 - TISAX® Assessment (Trusted Information Security Assessment Exchange)

Description

TISAX® was developed by the members of the VDA e.V. (German Association of the Automotive Industry). TISAX® certification is required by many automotive suppliers.
The TISAX® standard supports the identification and mitigation of digital risks and ensures rapid remediation of information security incidents. This includes security data in the project development phases for parts and systems, as well as manufacturing process and automated networked production data. TISAX® is complementary to the ISO 27001 standard.
Participants will gain a comprehensive overview of the assessment process and learn how assessments are conducted, evaluated, and reported.
Since 2017, any company working for customers in the automotive industry can be required to submit a TISAX® approval in accordance with VDA-ISA. Suppliers and service providers in the industry need the TISAX® Label in order to continue to receive orders and avoid the threat of delisting.
Secure your competitive advantage and join us on the path to your TISAX®.

Topics

1. Introduction to TISAX Assessment
2. Purpose and Types of TISAX Assessments
3. Assessment Preparation
4. Assessment Scenarios
5. Assessment Execution
6. Evidence Presentation
7. Assessment Criteria and Evaluation
8. Assessment Report and Findings
9. Corrective Actions and Remediation
10. Post-Assessment Review
11. Case Studies and Examples
12. Q&A Session
13. Conclusion

Aim

To provide participants with a comprehensive understanding of the TISAX assessment process, including its purpose, types, key steps, and best practices. Participants will gain insights into how TISAX assessments are conducted, evaluated, and reported.

Content

1. Introduction to TISAX® Assessment
A. Recap of TISAX Basics
B. Significance of TISAX Assessment

2. Purpose and Types of TISAX® Assessments
A. Understanding the Assessment Scope
B. Differentiating Between Level 1 and Level 2 Assessments
C. Third-Party and Self-Assessment

3. Assessment Preparation
A. Defining Assessment Objectives
B. Selecting Assessment Participants and Roles
C. Document Collection and Review

4. Assessment Scenarios

A. On-Site Assessment
1. Explanation and Benefits
2. Interaction with Assessors
3. Facility and Process Inspection

B. Remote Assessment
1. Explanation and Benefits
2. Virtual Evidence Presentation
3. Technology Requirements

5. Assessment Execution

A. Steps in the Assessment Process
1. Opening Meeting
2. Evidence Review
3. Interviews and Discussions

B. Assessors' Role and Conduct
1. Objectivity and Impartiality
2. Documenting Findings
3. Addressing Participants' Questions

6. Evidence Presentation
A. Organizing and Presenting Evidence
B. Demonstrating Controls Implementation
C. Importance of Clear and Traceable Documentation

7. Assessment Criteria and Evaluation
A. Mapping to TISAX® Requirements
B. Evidence Quality and Sufficiency
C. Non-Conformities and Observations

8. Assessment Report and Findings
A. Overview of Assessment Report
B. Classification of Assessment Result (e.g., Level 1, Level 2)
C. Addressing Identified Non-Conformities

9. Corrective Actions and Remediation
A. Developing Corrective Action Plans
B. Establishing Timelines for Remediation
C. Re-Assessment Process for Non-Conformities

10. Post-Assessment Review
A. Reviewing Assessment Process and Experience
B. Identifying Opportunities for Improvement
C. Incorporating Feedback into ISMS

11. Case Studies and Examples
A. Real-world Assessment Scenarios
B. Lessons Learned and Best Practices

12. Q&A Session
A. Addressing Participants' Assessment-related Questions
B. Sharing Insights and Tips

13. Conclusion
A. Recap of Key Assessment Steps
B. Encouraging Continuous Improvement

Prerequisites for participation

Participants should already have knowledge of ISO 9001 and/or ISO 27001. The training is aimed in particular at project managers for the development of new parts, information security managers, data protection officers, quality managers for management systems and internal auditors for integrated management systems.

Target audience

The target group of this training includes all specialists and managers who would like to or should conduct a TISAX® assessment. Furthermore, the training is also aimed at (future) consultants who would like to work as leading ISMS auditors.

Qualification Certificate

After passing the exam you will receive a certificate of qualification as a TISAX® internal assessor.

Duration

2,5 days

Important Advice

TISAX® is a registered trademark of the ENX Association.

Date

Contact us to book 'TISAX® Assessment (Trusted Information Security Assessment Exchange)'.