The modern automotive industry faces many new challenges, as vehicles evolve with more complex data requirements and supply chains become increasingly interconnected, major Original Equipment Manufacturers (OEMs) require certain Standards as a mark of trust from potential suppliers. Currently, this trust is codified in TISAX (Trusted Information Security Assessment Exchange). For businesses that have not previously dealt with Standards, TISAX can be seen as a daunting regulatory hurdle. However, a TISAX label is more than a compliance check, it's a recognised mark that your organisation has robust information security measures in place specific to the automotive industry, including considerations for protecting key intellectual property and prototype innovations. In this episode, Ian Battersby is joined by Emma Coxhill, isologist at Blackmores, to explore what TISAX is, who it applies to, what it requires and how OEM's and automotive suppliers can take their first steps towards earning a TISAX label. You'll learn · What is TISAX? · Who is TISAX applicable to? · Why is TISAX important? · What are the 3 assessment levels within TISAX? · What are the 3 different subject areas within TISAX? · How is TISAX implemented? · Why does TISAX use labels instead of certificates – and how can people verify these? · What is the ENX portal and how does this help with supplier onboarding? · Where should companies start if they want to earn a TISAX label? Resources · Register for our TISAX webinar here · ENX · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Emma Coxhill joins Ian to dive into the topic of TISAX, including who it's applicable to, why it's important and how businesses can make a start on earning a TISAX label. [03:40] What is TISAX? TISAX was developed for the automotive industry by the German Association of the Automotive Industry, VDA, and it's managed by the ENX Association. It's based on the ISO 27001 Annex A controls, and was created for the automotive industry because they were looking to standardise the framework for assessing and sharing information security results between manufacturers and their suppliers. [04:40] Who is TISAX applicable to? While applicable to the automotive industry, it encompasses quite a lot of businesses within this. This is because is applies to any organisation that handles sensitive data relating to vehicle development, manufacture and marketing. So, this can include any company providing car parts, vehicle software, cloud services, testing labs, engineering etc. Basically, any service providers to OEMs (original equipment manufacturers) will be applicable. TISAX can also be applicable for those dealing with automotive related events, marketing and photography, as new models are protected IP and will require related business to prove that they have the correct security requirements to ensure any potential prototypes are protected. [06:50] Why is TISAX important? Mainly, it gives the automotive industry a trusted, standardised way to ensure information security across the entire supply chain. Without it, the OEMs and suppliers can conduct their own audits, but it'll be their own interpretations or what is considered an adequate level of security. The industry saw this as an open door to chaos, so TISAX was created to protect highly confidential automotive information and support compliance with relevant data protection laws. However, now it's not so much a 'nice to have' Standard as it is a requirement to trade, especially within Europe. It's fast becoming a tender requirement, and many OEMs won't make it past the procurement process without a valid TISAX label. The ENX portal, where labels are registered, can also help speed up the on-boarding process. So, the whole TISAX system has been built for ease of access to help manufacturers choose suppliers that prioritise information security. [09:00] What's the consequence of not having a TISAX label? A loss of opportunities. Those within the automotive industry that don't have a valid label will be seen as a security risk, leaving them at a competitive disadvantage. [10:30] What are the 3 levels within TISAX? Unlike ISO 27001, TISAX has levels that depend on the level of data sensitivity that you're dealing with. Level 1: Self-assessment – Considered as 'normal risk' with general processing of data. Level 2: Remote Audit – Applicable to those dealing with confidential information such as design documents or internal projects. This requires both a self-assessment and an audit. Level 3: On-site Assessment – Highly confidential information, so this applies to those dealing with sensitive research, development information or prototype data etc. This requires a physical on-site assessment, as the qualified TISAX auditor will ...
Más
Menos
24 m
24 m
Feb 25 202630 m
48 m
26 m
17 m
17 m
Dec 17 202517 m