Project Description

Trusted Information Security Assessment Exchange (TISAX) for Automotive Industry

Are you a supplier or service provider for the automotive industry? Do you need to assure customers that you are keeping their information secure? Participate in the TISAX exchange.

At the request of some of the largest automotive manufacturers, a common assessment and exchange mechanism based on the VDA Information Security Assessment (ISA) criteria has been developed: the Trusted Information Security Assessment Exchange (TISAX).

Entrusted by the VDA, the ENX Association operates TISAX. ENX is a managed security service for secure and reliable communication, used by more than 1,000 automotive companies in over 30 countries.

You undergo a VDA Information Security Assessment (ISA) administered by an accredited audit provider, such as DQS. As a registered TISAX participant, your assessment result will be accepted by all other participants in the scheme.

Assessment Standard

The VDA’s Information Security working group recently developed an information security assessment (ISA) based on essential aspects of ISO/IEC 27001 and 27002, but with the addition of a maturity level model. Version 4.1 of the VDA ISA was published in late 2018.

Harmonization of Security Levels

A comparison within the automotive industry revealed differences between the companies regarding the number and the designation of information classification levels.
The VDA’s Information Security working group has developed a standard scheme for classifying information, which has been published as a White Paper.
In conjunction with the requirements of the VDA’s Information Security Assessment (VDA ISA), it helps to prevent misunderstandings and risks during the exchange of information and thus fosters appropriate information handling.
The VDA recommends that its members use this White Paper for orientation and implement the described information classification scheme in their companies.

Service Processes
Organization | DQS | Remarks
Implemented an information security management system according to the associated standards
Provide basic data to DQS
Service quotation and contract
Confirmation
Register at TISAX portal
Determine scope and assessment level
Registration of the scope ID by ENX
Annual fee
Select the authorized audit service provider
Place order to DQS to perform the assessment against VDA ISA
Kick-off, document review (self-assessment)
(Participation)
Assessment by DQS (level 2: off-site, level 3: on-site)
(Participation)
The interim report is discussed
Corrective actions to NCs, if any, within specified period
An effectiveness verification, by an assessment, on the actions taken
Assessment results uploaded to TISAX Database
Listed with TISAX Label
Select which TISAX participants can access which information
At least one assessment every 3 years
Monitored by ENX Association
