In contrast to its predecessor (version 4.1.1), the new structure of the VDA-ISA catalog offers a clearer representation of the individual controls and their descriptions. Not least because of the graphical redesign of the catalog of requirements, the overall impression of the catalog of assessments is clearly clearer. In addition, additional assistance in the individual controls make generically described measures more tangible and transparent.
The information security module has been restructured so that it is more sensibly sorted by subject area. Questions, goals and requirements have been fundamentally revised. In addition, the Association of the Automotive Industry made sure that similar measures were combined so that there were no redundancies in the work packages.
Another major change in the new version is the elimination of the “Third Party Connection” module. The measures that were shown as a separate worksheet in the previous version no longer exist. However, the company to be implemented is not spared the necessary measures when connecting third parties, for example the direct IT connection to an automobile manufacturer. Rather, the measures were incorporated and incorporated into the “Information Security” module.
In addition to the changes and adjustments, the VDA has included three new controls in the assessment form. This is:
2.1.4 – New control “mobile working”
2.1.1 – New control “Suitability of employees”
4.1.1 – New control “Handling of identification means”
Measures for mobile working were already included in the previous version, but with the additional control, the Association of the Automotive Industry once again emphasizes the necessities when traveling to safety-critical countries. Also see our blog article on the dangers of business travel to China and the USA.
The complete VDA-ISA catalog can be downloaded from this link.