TISAX
The Trusted Information Security Assessment Exchange (TISAX) is administered by the ENX Association on behalf of the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA).
VDA developed an information security assessment (ISA) as a catalog of criteria for assessing information security. The VDA ISA is based on the ISO/IEC 27001 and ISO/IEC 27002 standards adapted to the automotive industry. In 2017, the VDA assessment was updated to cover controls for the use of cloud services.
TISAX – Information Security Compliance is the art and science of identifying, assessing and responding to project Information Security throughout the life of the project and in the best interests of its objectives. It is the process concerned with identifying, analyzing, and responding to uncertainty. It includes maximizing results of positive events and minimizing consequences of adverse events.
Information Security Assessment is proactive:
- The potential for realization of an event that may affect the project for good or bad.
- A factor, element or direction involving uncertain hazards
- The term used to denote the probability of an event and its consequence
- Risk and uncertainty are inherently present in all projects
- Many time and cost over-runs are due to
  – unforeseen events
  – inappropriate accommodation for uncertain foreseen events
- Projects are unique; data for calculation is usually insufficient; subjective judgment is usually required to assess probabilities