On August 4th, 2020 the Association of the Automotive Industry published a new version of the Information Security Assessment for TISAX® certifications. The current version 5.0 of the VDA-ISA catalog brings with it a new structure and fundamental changes in the structure of the modules. Find out more about the changes and the validity of the new requirements in our blog article.
What will change with the new version 5?
In contrast to its predecessor (version 4.1.1), the new structure of the VDA-ISA catalog offers a clearer representation of the individual controls and their descriptions. Not least because of the graphical redesign of the catalog of requirements, the overall impression of the catalog of assessments is clearly clearer. In addition, additional assistance in the individual controls make generically described measures more tangible and transparent.
The information security module has been restructured so that it is more sensibly sorted by subject area. Questions, goals and requirements have been fundamentally revised. In addition, the Association of the Automotive Industry made sure that similar measures were combined so that there were no redundancies in the work packages.
Another major change in the new version is the elimination of the “Third Party Connection” module. The measures that were shown as a separate worksheet in the previous version no longer exist. However, the company to be implemented is not spared the necessary measures when connecting third parties, for example the direct IT connection to an automobile manufacturer. Rather, the measures were incorporated and incorporated into the “Information Security” module.
In addition to the changes and adjustments, the VDA has included three new controls in the assessment form. This is:
2.1.4 – New control “mobile working”
2.1.1 – New control “Suitability of employees”
4.1.1 – New control “Handling of identification means”
Measures for mobile working were already included in the previous version, but with the additional control, the Association of the Automotive Industry once again emphasizes the necessities when traveling to safety-critical countries. Also see our blog article on the dangers of business travel to China and the USA.
The complete VDA-ISA catalog can be downloaded from this link.
When is the new version valid?
The previous version 4.1.1 is still the basis for future TISAX® certifications. From October 1st, 2020, Version 5 of the VDA-ISA catalog will be used for new TISAX® assessments. All companies that are currently preparing for TISAX® can use the previous catalog for ongoing assessments until March 31, 2021.
Would you like to be optimally prepared for your TISAX® audit? Are you currently introducing an ISMS, regardless of certification such as TISAX® or ISO27001? We would be happy to support you with these and other topics relating to information security and data protection. Contact us.
Here you can find out more about TISAX®
TISAX® is a trademark of the ENX Association.
Unser Team – Ihr Vorteil | Hier stellen wir uns vor.
Unser Team besteht aus erfahrenen Juristen, Webspezialisten, IT-Experten, zertifizierten Datenschutz- und Informationssicherheitsbeauftragten. Mit unserer Erfahrung, Expertise und erprobten Verfahren, helfen wir Unternehmen, praxisnahe Lösungen im Bereich Datenschutz und IT-Sicherheit zu finden. So helfen wir beispielsweise bei der Umsetzung der DSGVO oder der Einführung von Informationssicherheitsmanagementsystemen (ISMS).
This post is also available in: German