TISAX® and ISO 27001 - Information security for the automotive sector
able to share best practice.
evidence a secure supply chain
have control over the results.
One of the areas we work with businesses on is correctly scoping your security management system, as over time it can change […]
Our security gap analysis will look to the security standard you are requesting and determine if your current performance meets your desired and expected performance […]
We have the ability and knowledge to deliver the most cost effective and certifiable ISO27001 implementation to meet your needs […]
We work and audit for a number of certification bodies and therefore are best placed and competent to conduct an internal audit that […]
If you are looking to have a resource manage your ISMS for a short time or maybe long term then we are more than happy to assist […]
For ISO 27001 we will conduct monitoring audits annually; this will also be done for TISAX, to make sure that your security system is operational and being maintained. […]
ParkinsonHowe has been in and around the motor industry supply chain for the last 10 years.
The first assignment was to conduct an ISO 27001 certification audit for Panasonic Europe.
Since that time we have conducted and delivered many security & ISO27001 gap assessments, audits and implementations.
For TISAX our role would be to carry out the following:
TISAX is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties.
TISAX combines the former Information Security Rules (ISA) of the German Verband der Automobilindustrie e. V. (abbreviated: VDA) with Appendix A (Technical Controls) of ISO/IEC 27001 and some privacy requirements. This VDA-ISA catalogue has existed for more than 10 years now and has been used by many global automotive companies.
The ENX Association acts as the global governance organisation. ENX is the accreditation body which is "verifying companies", controls the quality of audits and the auditors, and exchanges the results amongst the subscribed partners.
The current version of the ISA standard was released in 2020.
AL1. Self-assessment to verify that the controls have been installed and that the VDA ISA catalogue has been followed. Evidence will be validated, and a completeness check may also be performed.
AL2. Normally a remote audit and a detailed review of the self-assessment including the sampling of evidence that the VDA ISA catalogue has been followed. One of the purposes of this review is to verify and substantiate your self-assessment based on the documents and provided evidence.
AL3. On-site audit and a complete check of the VDA ISA catalogue and self-assessment including all evidence and interviews with control owners.