TISAX Security consultant based in Manchester

AUTOMOTIVE SECURITY

TISAX® and ISO 27001 - Information security for the automotive sector

supply chain

able to share best practice.
Manufacturers

evidence a secure supply chain
participants

have control over the results.

AUTOMOTIVE SECURITY

Scoping or merging your security system

One of the areas we work with business on, is correctly scoping your security management system as over time it can change […]
Gap analysis and report

Our security gap analysis will look to the security standard you are requesting and determine if your current performance meets your desired and expected performance […]
IMPLEMENTING THE SECURITY REQUIREMENTS

We have the ability and knowledge to deliver the most cost effective and certifiable ISO27001 implementation to meet your needs […]
Internal Audit and Report

We work and audit for a number of certification bodies and therefore are best placed and competent to conduct an internal audit that […]
Security Maintenance and Support

If you are looking to have a resource manage your ISMS for a short time or maybe long term then we are more than happy to assist […]
Pre & Post monitoring

For ISO 27001 we will conducxt monitoring audits annually, this will also be done for TISAX, to make sure that your security system is operational and being maintained.[…]

Did you know?

attempts to hack SMB's occur in the UK every day
of UK companies have suffered data breaches in the last 12 months
of UK companies have reported a data breach incident

ENDORSEMENTS

ParkinsonHowe has been a trusted partner for over 5 years. Rob Howe is a dedicated professional that bring a high level of expertise to the information security audits he provides. I highly recommend his services to any organization that values quality and professionalism.

Director of Information Security
Panasonic
ParkinsonHowe are experts in ISO27001 and ISO22301, business continuity, disaster recovery, and information security. Rob's knowledge came from applied experience as well as expert-level training. I would recommend them for any task in the information security/cybersecurity field.

Security and Compliance Director
Undisclosed

Automotive Security Approach

Background

ParkinsonHowe has been in and around the motor industry supply chain for the last 10 years.

The first assignment was to conduct an ISO 27001 certification audit for Panasonic Europe.

Since that time we have conducted and delivered many security & ISO27001 gap assessments, audits and implementations.

For TISAX our role would be to carry out the following:
- Assit your business in the preparation of your Management System complying to ISO 27001:2013.
- Conduct a review to check whether your current security controls fulfill the defined set of requirements.
- Assist your businesses in closing the gaps within the required period.
- Conduct a final audit to checks that all areas previously identified have been closed
- be on hand and availble during the certification audits and afterwards
What is TISAX

TISAX is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties.

TISAX combines the former Information Security Rules (ISA) of the German Verband der Automobilindustrie e. V. (abbreviated: VDA) with the Appendix A (Technical Controls) of the ISO/IEC 27001 and some Privacy requirements. This VDA-ISA catalogue exists for more than 10 years now and has been used by many global automotive companies

The ENX Association acts as global Governance-Organisation. ENX is the accreditation body which is "verifying companies", controls the quality of audits, the auditors, and exchanges the results amongst the subscribed partners.

The current version of the ISA standard was released in 2020.
Assessment Levels

AL1. Self-assessment to verify that the controls have been installed, and that the VDA ISA catalogue has been followed, evidence will be validated, a completeness check may also be performed.

AL2. Normally a remote audit and a detailed review of the self-assessment including the sampling of evidence that the VDA ISA catalogue has been followed. One of the purposes of this review is to verify and substantiate your self-assessment based on the documents and provided evidence.

AL3. On-site audit and a complete check of the VDA ISA catalogue and self-assessment including all evidence and interviews with control owners.

Scoping or merging your security system
One of the areas we work with business on, is correctly scoping your security management system as it will change over time, our work meets that requirement.
- Looking to implement TISAX or ISO 27001 for the first time.
- Looking to expand/extend your existing security system to other parts of the business.
- Merging security management system’s after an acquisition.
All these areas can initially be confusing, and we are here to assist

Gap Analysis & report
Our security gap analysis will look to the security standard you are requesting and determine if your current performance meets your desired and expected performance. We have the expertise to conduct a gap analysis against the following common security standards:
- TISAX:
- ISO 27001:2013
If you require an assessment to establish your common level of security and mayturity as per:
- ISO 27017:2015
- ISO 27018:2020
- ISO 27701:2019
- CSA*
we are here to help.

Implementing the security requirements
We have the ability and knowledge to deliver the most cost effective and certifiable TISAX or ISO 27001 implementation to meet your needs, whether that be:
- Documents in MSWord or Excel.
- Cloud based software solutions
We have the knowledge, understanding and have worked on many different solutions, always bearing in mind that getting the best solution for you is paramount.

Internal Audit & report
We work and audit for a number of certification bodies and therefore are best placed and competent to conduct an internal audit that will firstly meet your requirements and secondly meet Certification and accreditation rules.

During our work we will seek to clarify ask for the following information
- Understand your current operational management system.
- Review your policies, procedures, and work instructions.
- Identify gaps in your implementation of security.
- Recommend security controls appropriate to your requirements.
- Internal audit timescales that match your current certification.
- Control testing to verify that control owbers are working within established limits.
- Process audit to verify that processes are working within established limits.
- Produce and deliver audit reports that meet ISO, UKAS and certification body standards.
All these areas can initially be confusing, and we are here to assist.

Security Maintenance & Support
If you are looking to have a resource to manage your security standards on an ongoing basis then we are more than happy to assist, we will work with your business and guide you for the lifecycle of certification and beyond. Should the standard change, we are in the best position to review and manage the changes in your management system.

Pre & post monitoring
ParkinsonHowe on request can performs information security internal audits and monitoring of your conformance which will provide you with the following benefits:
- Maintain your understand of the requirements of certification and the rules.
- Provides you with an understand of the weaknesses and areas to be addressed before re-certification audits.
- Allows the organisation to understand the audit processes.
- maintains and educates the control owners in understand what is required in terms of documentation and evidence when maintaining your standards or being present for certification audits.

© Copyright MCMXCVIII - MMXXI | ParkinsonHowe Ltd. Registered in England and Wales No. 3448184 | Privacy Policy | Terms of Use

Template by OS Templates