Scribd
Upload
28 views4 pages

Data - File Unde 1595305223

The Trusted Information Security Assessment Exchange (TISAX) is a standardized mechanism for assessing and exchanging information security in the automotive industry, developed by the VDA. It aims to ensure a unified level of information security, reduce redundant audits, and enhance trust between manufacturers and suppliers. PwC offers support in conducting assessments, identifying gaps, and achieving certification to help organizations comply with TISAX requirements.

Uploaded by

hhn262626
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
28 views4 pages

Data - File Unde 1595305223

The Trusted Information Security Assessment Exchange (TISAX) is a standardized mechanism for assessing and exchanging information security in the automotive industry, developed by the VDA. It aims to ensure a unified level of information security, reduce redundant audits, and enhance trust between manufacturers and suppliers. PwC offers support in conducting assessments, identifying gaps, and achieving certification to help organizations comply with TISAX requirements.

Uploaded by

hhn262626
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Trusted Information

Security Assessment
Exchange (TISAX)
Information security in What is TISAX and
the automotive industry why go for it?
Information security is a key success factor in the Trusted Information Security Assessment Exchange
automotive industry. (TISAX) is a common assessment and exchange
mechanism in the automotive industry and
It is important for the exchange of design data
beyond. It is an inter-company test and exchange
in development processes, functional security of
mechanism based on the VDA Information Security
manufacturing processes, automated data exchange
Assessment (ISA).
between networked production systems, as well as
for the availability and reliability of production. TISAX has been developed under the guidance
of the VDA to ensure a unified level of information
This also applies to vehicles, which have long been
security. TISAX brings standardisation, quality
computers on four wheels. As a service provider
assurance and mutual recognition of audits.
or supplier to the automotive industry, a company
must prove to customers, at regular intervals, TISAX provides for information security
whether it complies with standardised and specific assessments by audit providers in accordance with
requirements relating to information security. VDA standards and helps avoid redundant audits.

Forerunners of TISAX
The German Association of the ENX is a non-profit organisation that TISAX is a part of the ENX platform and
Automotive Industry (VDA) has was built in the year 2000. It is an establishes a common assessment and
developed a catalogue of questions for association of European automotive exchange mechanism in the automotive
Information security, based on the ISO/ manufacturers and suppliers. industry. The ENX Association acts as
IEC 27001 standard. The VDA published ENX is used for the exchange of a governance organisation of TISAX.
the questionnaire for checking information as it enables all partners It accredits the audit providers and
Information Security Assessment and to exchange data between companies monitors the quality of implementation
Information Security Management and across borders in a uniform, and assessment results.
(Version 4.1.0) in December 2018. harmonised way.

Scope of TISAX assessments


Information security management system (ISMS) Data protection
It is the basic module for determining the maturity of This module is required when the supplier
information security processes and their management. processes the personal data of customers.

This module is always necessary.


Number of controls: 4
Number of controls: 52

Connection with third party Prototype protection


This module is required when the supplier is connected This module is required when the supplier
to an IT network or a similar technical exchange of works with strictly confidential information
confidential data where the manufacturer is established. about prototypes. The focus is on the
Number of controls: 4 implementation of physical measures.

Number of controls: 22
Approach for TISAX assessments

Report provision Audit application


PwC
Report request
(Auditor) Audit and report

Accreditation
ENX

Auditee
Participant Link to the TISAX Release of
(participant in
(e.g. OEM) report (trusted anchor) the report
the supply chain)

Benefits of TISAX How PwC can help


Trusted partners for OEM Recognition
Creates trust for your Strengthens the existing
Conduct initial assessments
manufacturer, thereby helping alliance and promotes
you with contracts with various new business relations.
automotive manufacturers. Identify gaps

Uniform standard Awareness


Provides a harmonised standard Improves employees’
Support in remediating gaps
for information security within awareness pertaining
the automotive industry. to information security.

Maturity assessment Lower cost Support in certification


Helps assess the maturity Helps reduce costs and efforts
of the information security with the manufacturer and
controls in an organisation. suppliers related to multiple Revalidate assessments
information security assessments.

Why PwC? We deliver great value because we invest in sector solutions and work with our clients to build their
skills to achieve greater benefits. We believe we will deliver high value-added support to you through:

Diverse and experienced team Knowledge sharing and transfer


We are ready to work We have an experienced team and We are committed to working collaboratively
with you today and an approach that will address your with you and helping you identify your roadmap.
realise benefits for you... key challenges and bring out valuable As part of the engagement delivery, we, along
insights. A Cyber Risk team that brings with our centre of excellence team in Germany,
together 600+ IT and Cyber Risk will help you to secure the security gaps we
management professionals. identify during information security assessments.

We employ adaptive methodologies Client confidence


Our methodologies are robust yet flexible We form close, long-term relationships with
and we tailor them to the client environment. our clients. Our clients re-use our services
The key components in our methodologies and would recommend us to others. We are
include our well-tested framework and strong looking forward to a long-term relationship
database of risks and reference documents. with you.

We use the right set of technologies


We have deep and broad experience of information
security assessment, with the independence and
ability to bring in a fresh perspective with respect
to your organisation’s operation model.
About PwC
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 158 countries with
over 250,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us
what matters to you by visiting us at www.pwc.com
In India, PwC has offices in these cities: Ahmedabad, Bengaluru, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune.
For more information about PwC India’s service offerings, visit www.pwc.in
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.
Please see www.pwc.com/structure for further details.
© 2019 PwC. All rights reserved

Accredited ISO 27001certification body Expert inspection body for data protection
The PwC Certification Services The PwC Certification Services
GmbH (former PERSICON) is GmbH (former PERSICON) is an
accredited by the “Deutschen acknowledged inspection body
Akkreditierungsstelle” (DAkkS) for data protection.
as an accredited test institute
for “Information Security
Management Systems” (ISMS)
subject to ISO 27001.
PwC is therefore entitled to
issue certificates according
to ISO 27001.

Contacts
P. Unnikrishnan Rachit Chhokera Shivakumar Jayashankar
Partner Associate Director Associate Director
Cyber Security Services Cyber Security Services Cyber Security Services
Email: [email protected] Email: [email protected] Email: [email protected]
Mobile: +91 9845118097 Mobile: +91 9820988266 Mobile: +91 9840131120

pwc.in
Data Classification: DC0
This document does not constitute professional advice. The information in this document has been obtained or derived from sources believed
by PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information is accurate or complete.
Any opinions or estimates contained in this document represent the judgment of PwCPL at this time and are subject to change without notice.
Readers of this publication are advised to seek their own professional advice before taking any course of action or decision, for which they are
entirely responsible, based on the contents of this publication. PwCPL neither accepts or assumes any responsibility or liability to any reader of
this publication in respect of the information contained within it or for any decisions readers may take or decide not to or fail to take.
© 2019 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited
(a limited liability company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which is a member firm
of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity.
HS/April2019-16523

You might also like