TISAX® (Trusted Information Security Assessment Exchange) is an industry-specific mechanism for exchanging the results of information security assessments in the automotive industry. These assessments are based on the VDA-ISA test catalog, which includes controls for information security (based on ISO 27001), prototypes, and data protection.
With a TISAX® assessment, you demonstrate the maturity of your information security management system (ISMS) according to your customer requirements. This can be done at different assessment levels and can take into account your customers' additional requirements for prototype and data protection. As proof of the maturity of your information security management system, you are issued so-called test labels that you can share with your business partners.
How important is TISAX® for suppliers?
Suppliers and service providers in the automotive sector often process extremely sensitive information from their clients and are therefore required to provide regular evidence that they meet information security requirements.
Until now, the audit was usually carried out by the manufacturers themselves based on the Information Security Assessment (ISA) requirements catalog. This often resulted in numerous companies having to undergo the same audit several times - for each client. With TISAX®, this additional effort can be reduced, because by releasing the results on the platform, companies can signal that their information security is TISAX®-compliant. For suppliers, a TISAX® label represents the entry ticket into the automotive industry and is obligatory for cooperation with OEMs.
Relationship between TISAX and IATF 16949
• IATF 16949 is a quality management system standard that includes customer-specific requirements.
• The VDA, whose members include BMW, Volkswagen Audi Group, and Daimler, has developed the Trusted Information Security Assessment Exchange (TISAX) label.
• The TISAX label is recommended by the VDA and is mandatory for doing business with certain VDA members.
• ISO/IEC 27001 focuses on the organization’s information security.
• TISAX emphasizes the security of third-party information within the organization’s ISMS.
TISAX® assessment levels
There are 3 TISAX® assessment levels, as described below. You will select the appropriate level at the registration stage.
• AL 1: Self-assessment by the auditee. Assessment of the auditee's existing self-declaration.
• AL 2: Plausibility check of the self-assessment, restricted to the evaluation of evidence and an expert interview.
• AL 3: Full assessment, including evaluation of evidence, on-site inspection, and expert interviews.
How to implement TISAX
• 1st step - Preparation
Anyone interested in TISAX certification needs to register as a TISAX participant on the TISAX portal.
• 2nd step - Self-assessment
No matter which assessment level an organization chooses to comply with, the first step to a TISAX certification is the self-assessment questionnaire.
• 3rd step - Audit
For levels 2 and 3, the organization needs an approved auditor to conduct a remote plausibility check or on-site assessment visit.
• 4th step - Optimization
After the audit, the auditor will draw attention to any findings that need to be addressed, and an action plan will need to be put together by the organization. After further action by the organization and checks by the auditor, the assessment will be completed.
• 5th step - Results
The auditor will upload the organization’s TISAX report onto the designated platform. The organization can then decide who can access the results and to what extent. Results are not publicly available.
A TISAX certification is valid for 3 years, after which the process must be repeated.
TISAX assessments use the VDA ISA requirements catalogue, which refers to the information security controls of ISO/IEC 27001 in Annex A.
The VDA ISA catalog comprises the key aspects and criteria of ISO/IEC 27001 and additional criteria, classified into three domains:
• Information Security Assessment - based on ISO/IEC 27001 Annex A
• Prototype protection requirements
• Data protection (concerning Article 28 of GDPR)
We’ll train you on how to implement and audit TISAX, so you’re confident and ready to obtain your TISAX labels.
• Introduction course, 1 day
• Implementation course, 2 days
• Internal auditor course, 2 days.
• TISAX assessment
The rapid pace of urbanisation in India is bringing denser mega-cities, which in turn need higher and bigger buildings to cater to the requirements of residential and office buildings, in addition to educational institutes, hospitals, and modern commercial hubs.
With this transformation, the enhanced emphasis on the safety of the built environment is very obvious. Structural audits are needed not only during construction but also at regular intervals after construction, to ensure the safety of the huge population residing and working in cities.
Seismic activity and resultant earthquakes are a real challenge for our society to keep our people safe from such natural calamities.
A society like ours, always sitting at the verge of a major earthquake, must take it seriously to avoid loss of life and property on a huge scale.
In such a scenario, structural audits of buildings are crucial to assess their safety, integrity, and overall structural health and capacity to withstand huge loads arising out of earthquakes.
Such structural audits help identify potential defects, deterioration, or weaknesses in the building's structure, ensuring preventive measures can be taken to avoid accidents or failures.
Regular audits contribute to public safety by addressing issues before they become serious, promoting the longevity of structures, and preventing unexpected collapses or accidents.
Needless to say, it is the job of expert professional structural engineers rather than a normal civil engineer.
In a structural audit for earthquake safety, the following activities are typically conducted:
Assess the overall condition of the building, looking for signs of cracks, deformations, or structural damage.
Examine construction drawings and historical records to understand the building's design and construction details.
Conduct tests on building materials to determine their strength and integrity, especially if the construction occurred a long time ago.
Evaluate the building's response to seismic forces using computer models and seismic analysis techniques.
Perform dynamic testing to understand the natural frequency and dynamic characteristics of the building.
Assessment of Retrofitting Needs:
Identify areas where retrofitting or strengthening is required to enhance the building's seismic resistance.
Review as per Local Codes and Standards:
Ensure that the building complies with the latest seismic design codes and standards.
Recommendations and Mitigation Measures:
Provide recommendations for structural improvements or retrofitting measures to enhance the building's seismic performance.
These activities collectively help in deciding whether a building is safe against earthquake forces or whether rehabilitation/retrofitting is needed to meet safety standards.