TISAX Assessment Scheme Updates

With the release of ACAR_TISAX Specification of Assessments_Version 2.1, there are some changes to the TISAX assessment scheme.

a) For Assessment Level 2 (AL2), an alternative assessment approach is offered as a full remote assessment, which is referred to as AL 2.5.

For TISAX audits by authorized Audit Service Providers, the assessment levels include:

  • AL2 with plausibility check,
  •  AL2.5 with full remote assessment, and
  • AL3 with on-site audit (even at time of CoViD-19 pandemic)

b) For Simplified Group Assessment (SGA), on the basis of the original Sample Based SGA, another option of Rotating-Schedule SGA is offered.

  • For the option of Sample Based SGA, the sampled locations will be audited in the 1st year.
  • For the option of Rotating-Schedule SGA, all locations will be covered in 3 years.

What is TISAX?

On the request of some of the largest automotive manufactures, a common assessment and exchange mechanism, based on VDA Information Security Assessment (ISA) criteria, has been developed:  Trusted Information Security Assessment Exchange (TISAX).

VDA ISA is a catalogue of assessment criteria on information security, based on key aspects of the international ISO 27001 and 27002 standards, for automotive industry.

Entrusted by VDA, ENX Association is operating the TISAX. ENX is a Managed Security Service for secure and reliable communication, being used by more than 1,000 automotive companies in over 30 countries.

Click here to learn more about TISAX.

Technical Support by DQS:

  • DQS has been listed as one of few worldwide TISAX audit service providers, which is already in demand by automotive customers around the globe.
    Some automotive customers have completed TISAX audits by DQS.
  • DQS Academy will deliver public training courses to help customers understand the standard.

TISAX 審核方案更新

隨著 ACAR_TISAX 評審規格_版本2.1 的發布,TISAX 評估方案有一些變更。

a) 對於評估級別AL2,提供了一種完整的遠程評估作為替代的評估方法,稱為 AL 2.5。

對於授權審核服務商進行的 TISAX 審核,評估級別包括:

  • AL2 – 合理性檢查
  • AL2.5 – 完整的遠程評估
  •  AL3 – 現場審核(即使在 新冠疫情期間)

b) 對於簡化集團評估 (SGA),在原來的“基於樣本的集團評審”的基礎上,提供了另一種“輪流審核的集團評審”的選項。

  • 對於基於樣本的集團評審選項,所有抽樣地點將在第一年完成審核;
  • 對於 輪流審核的集團評審選項,所有地點將在 3 年內輪流覆蓋。

TISAX 是什麼?

在几家全球知名汽車主機廠的推動下,基於VDA 信息安全評估基準的一個共同認可評估和交換機制已經建立:TISAX汽車行業信息安全評估交流機制。

VDA 信息安全評估基準是在ISO 27001和ISO 27002 管理體系標準的基礎上爲汽車行業專門制定的。

在VDA的信任下,TISAX由ENX協會運營。ENX是一個安全服務相關的信息交流機制,目前在30多個國家有1,000多家汽車行業的公司在使用此服務。

按此瞭解更多關於此機制的資訊。

 DQS 的技術支援:

  • DQS 是少數幾家經授權的TISAX 評審服務提供商之一,該標準產品已經被汽車客戶所需。
    一些汽車客戶由DQS完成了TISAX審核。
  • DQS學堂 將提供公開培訓課程,協助客戶理解標準要求。