TISAX Compliance

August 11, 2023

Ensuring information security is a crucial component of any connected vehicle software solution. That’s why assessment against, and compliance with, industry standards such as those outlined by TISAX are essential to long-term success.

What is TISAX?

Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry standard that is globally recognized and adopted. It was developed by the German Association of the Automotive Industry (VDA) alongside the European Network Exchange (ENX), an association of European automakers. 

Undergoing the TISAX auditing and certification process allows companies to assess the information security of their suppliers based on their awarded “Information Security Assessment” (ISA) level. In other words, it simplifies a company’s individual efforts by providing a mechanism for the assessment of information security systems and the sharing of assessment results with pertinent parties. 

The Auditing Process

The auditing process usually begins when an automaker requests a potential partner or supplier to prove that their company’s information security management system (ISMS) meets a defined ISA level. However, it can also be initiated independently by a supplier, which is how Sibros proceeded with certification. The entire TISAX process involves three steps, some of which have several sub-steps. 

Step 1: Registration

The registration phase is where the company prepares for the audit and registers its intent to undergo assessment. It begins with compiling information to determine the scope of the assessment, as well as to define the assessment objectives. Before entering the online portal and submitting registration, a legal agreement with ENX must be signed. This includes but is not limited to a nondisclosure agreement (NDA) and contractual terms and conditions. Once all the paperwork and preparations are in order, the company must register online via the ENX portal. 

Step 2: Assessment

During this stage, a TISAX auditor conducts a thorough assessment of the company, after which they award an ISA level. 

First, the company must undergo an ISA self-assessment to determine whether or not it is prepared for a third-party assessment. The amount of preparation required varies depending on the information security management system’s maturity level. If any gaps or deficiencies are found in the self-assessment, the company must then address these prior to moving forward with TISAX certification.

Next is the selection of a certified TISAX auditor or audit provider. This provider will conduct their own information security assessment, the scope of which is based on pre-specified requirements (i.e. certain certification levels do not require the assessor to be on-site). Similar to the self-assessment, if any areas do not meet expected standards, the company may develop and implement a corrective action plan prior to a follow-up assessment.

Once the assessment is complete, the company is awarded its results via the ENX portal. These are valid for three years and include an official TISAX audit report.

Step 3: Exchange

During the final stage of the assessment, the audited company can share its results with customers and potential partners. This is all accomplished through the ENX portal and results are only shared with parties that have been authorized by the certified company.  

The Importance of TISAX & Sibros’ Compliance

To achieve an Assessment Level 3 certification, the highest level available in the automotive industry, all assessment checkpoints must be verified on-site and by a third-party assessment body.

Sibros selected TÜV Nord as its audit provider and received the following results: 

  • High Availability
  • Very High Availability
  • Information with High Protection Needs
  • Information with Very High Protection Needs
  • Data Protection according to EU-GDPR Art. 28 ("Processor")
  • Data Protection according to EU-GDPR Art. 28 of special personal data

Reproduction of Sibros' ISA 4 Results (for original report, please contact us)

In summary, Sibros’ ISMS meets the TISAX framework requirements and was awarded Assessment Level 3 for all assessed categories, along with a protection level of "Very High", and an overall maturity level of 3.0. These labels are valid until 2026. The successful completion of this TISAX audit demonstrates Sibros’ strong commitment to information security and its ability to meet the standards required by its customers and partners. To learn more about Sibros’ safe and secure connected vehicle platform talk to us today. 

Mahesh Venugopala
Mahesh Venugopala serves as Senior Director of Security at Sibros, where he is responsible for stewarding cybersecurity practices, methods and frameworks across the company's suite of cloud-based and embedded software products. Prior to joining Sibros, Mahesh was responsible for security at Autonomic (a subsidiary of Ford), a SaaS data platform managing billions of connected vehicle signals and events per day. Mahesh has over 20 years of experience across roles in product security, security architecture, cryptography, key management, encryption in transit and rest, cloud security, secure software development life cycle (SDLC), and secure DevOps.