Register now and receive the link to the webinar recording "Mastering TISAX®: Seamless Shift to ISA Catalog 6.0 Explained" free of charge.
Duration: 01:30 hours
The launch of ISA catalog 6.0 is quite an event for TISAX®. It brings in new rules for auditees as per the TISAX® ACAR 2.2 standards. Now with English being the main language, it's clear we're thinking global, aiming to upgrade the requirements catalog together.
Here is what's new: The 'Information Security' tag is getting a makeover. 'Information security high' will now be 'Availability high' and 'Confidentiality high'. The same goes for 'Information security very high', which will split into 'Availability very high' and 'Confidentiality strict'. Both these new tags will stick to a basic set of rules, but they'll also have their own extra needs for tighter security. So, the checks will be quite specific, based on these tags.
Now, if your firm is a big wheel in the supply line, you've got to line up with these 'high availability' or 'very high availability' standards. Operational Tech (OT) systems, which are key in production, will get more attention. This shift is because of the IEC 62443 standards leading to new demands in the ISA book. It means that not just IT, but also industrial networks and control systems are under the TISAX® lens. And yes, if your company handles secret development and production controls, you need to show that you can keep it safe, matching up to the 'confidentiality high' or 'very high' standards.
Even if your company isn't a giant in the supply chain but still deals with confidential info, you'll have to meet the 'confidentiality high' or 'strict' criteria from the ISA catalog.
The whole idea is to make sure companies only bother with what's necessary for them from the ISA catalog. But there's a twist for manufacturing units: OT systems now need to be managed just like IT systems under TISAX®, covering everything from asset handling to risk management.
Product Manager and expert in information security and software development. Holger Schmeken also contributes his expertise as an auditor for ISO 27001 with KRITIS audit procedure competence.