Since October 1, 2020, the new VDA ISA Catalog 5.0 has applied to all new TISAX® assessments. According to the VDA, the previous version 4.1.1 has been "fundamentally revised and optimized in terms of content". Working with the new TISAX® 5.0 test catalog should now be easier and more efficient - for users and assessors alike. Read more now.
VDA ISA 5.1 - Major changes from the 5.0 version
Most of the changes in the VDA Information Security Assessment (ISA) catalog 5.1 have been made to the "Information Security" module. According to the change history in the VDA ISA Catalog 5.1, the following changes and adjustments have now been added:
- Elimination of ambiguities, correction of spelling errors and expressions, linguistic clarification
- Restructuring of spreadsheet "Welcome", definition of spreadsheets moved to "Definitions"
- Addition of protection goals regarding requirements for high and very high protection needs in the "Information Security" spreadsheet
- Removal of the "Addressed protection goals" column in the "Information Security" and "Prototype Protection" spreadsheets
- Contents of the "Usual process owner" column in the "Information security" and "Prototype protection" spreadsheets cleared out
As early as version TISAX® 5.0, the contents of the "Third-party connection" module, including test targets, were integrated into the "Information security" module. The following three modules continue to exist:
- Information Security
- Data protection
- Prototype protection
The term "third party connection" described the situation in which a TISAX® user has its own location on the premises of a partner and may access (via direct network connections) the partner's systems.
TISAX®: Good planning for successful assessments
Are you faced with the task of meeting automotive industry requirements in terms of information security? Then you should make some important decisions in advance of a TISAX® assessment. Our free White Paper provides guidance.
What are the deadlines for users?
As of now, version VDA 5.1 applies. For organizations that use or have introduced TISAX® , the publication of version 5.1 results in the following situation:
Since 2022, the new version 5.1 has been applied to all new TISAX® assessments. For all assessments assigned up to the aforementioned date, version 5.0 was still applied until March 31, 2021 (last audit day).
TISAX® - Information security in the automotive industry
For suppliers or service providers in the automotivesupply chain ★ Proof of information security ★ Recognized by all participants in the TISAX network
Tisax5.1® 5.1 - Background information
Tisax® is based on the VDA ISA catalog developed by the German Association of the Automotive Industry (VDA), a comprehensive questionnaire that is essentially based on the so-called "controls", the reference measures from Annex A of the information security standard ISO 27001, and adapted to automotive-specific concerns.
In the meantime, ISO 27001 has been revised and republished on October 25, 2022. The revision mainly applies to Annex A. However, TISAX® 5.1 still refers to the old version of Annex A of ISO 27001:2017. A corresponding adaptation to the new controls is expected for the next version of the catalog.
ISO 27001- Information Security Management System
Holistic management system according to ISO standard ★ Effective implementation of a risk management process ★ Continuous improvement of the security level
TISAX® is primarily aimed at companies that want or need to demonstrate a certain level (Level 1 to 3) of information security in order to work with a (participating) automotive manufacturer. The ENX Association, based in Frankfurt am Main and Paris, is entrusted with the implementation and monitoring of the procedure. ENX is an association of European automotive manufacturers, suppliers and four national automotive associations, including the German ENX founder VDA.
DQS - The right partner from the start
DQS is approved as an audit service provider by ENX and can therefore perform TISAX® assessments worldwide. All our TISAX® auditors are also approved auditors for the international standard ISO 27001, which means that both standards can be assessed by DQS at the same time and with less additional effort. We look forward to talking to you.
TISAX®-Assessment
Do you have any questions? Find out more. Without obligation and free of charge, we will gladly show you the procedure.
Access toTISAX® is gained by registering as a participant online on theTISAX® portal. This is the prerequisite for being able to commission an approved audit service provider such as DQS.
DQS Newsletter
André Saeckel
Product manager at DQS for information security management. As a standards expert for the area of information security and IT security catalog (critical infrastructures), André Säckel is responsible for the following standards and industry-specific standards, among others: ISO 27001, ISIS12, ISO 20000-1, KRITIS and TISAX (information security in the automotive industry). He is also a member of the ISO/IEC JTC 1/SC 27/WG 1 working group as a national delegate of the German Institute for Standardization DIN.