Glossary

Information Security through VDA-ISA

The Information Security Standard of the Automotive Industry

Definition

TISAX® is an information security standard that most companies in the automotive industry require, and it is establishing itself as an industry benchmark.

The standard is based on ISO 27001, but certain requirements have been adapted and new ones added. Audits are conducted according to the specifications of VDA ISA, the Information Security Assessment catalog of the German Association of the Automotive Industry (VDA). TISAX® is a registered trademark of the ENX Association.

Technical & organizational measures

  • Comprehensive documentation of policies or measures based on individual requirements
  • Mandatory implementation of certain requirements that were optional under ISO 27001
  • Adoption of requirements from ISO 27017, such as the selection of IT and cloud service providers
  • Additional requirement catalogs for connecting third-party companies to corporate networks, for processing personal data on behalf of others, and for handling prototypes

Introducing TISAX® and ISO 27001 together

If TISAX® certification is required, it is advisable to design the information security management system (ISMS) so that it satisfies both the typically less stringent requirements of ISO 27001 and the requirements of VDA ISA at the same time, avoiding duplicate implementation effort.

TISAX® is a registered trademark of the ENX Association. 3einhalb GmbH has no business relationship with ENX.