The automotive industry is constantly changing and therefore requires constant adaptation and compliance with security standards. With TISAX® (Trusted Information Security Assessment Exchange), the industry has established a standard for the auditing of information security and cyber security. TISAX® is based on the information security requirements (in German: ISA) of the German Association of the Automotive Industry (in German: VDA). These were recently updated to version 6. We summarize key innovations and explain the significance of ISA version 6 in the context of TISAX® and the benefits of professional TISAX® consulting.
🔒 New focus on the availability of IT and operational technology
Increasing cyber threats such as ransomware attacks have prompted ISA Version 6 to place special focus on the availability of IT and OT resources. This is crucial to ensure the maintenance of business processes and the integrity of production chains.
🔒 Globalization through English as a leading language
To keep pace with the challenges of globalization and to achieve a clearer and more consistent implementation, ISA Version 6 was switched to English as the leading language.
🔒 Instructions for implementation and revised data protection catalog:
The new version contains new, practical implementation guides with concrete examples and advice on how to implement the security controls. The revised data protection catalog helps organizations to better and more easily meet the requirements of the GDPR.
🔒 New and revised controls:
The introduction and revision of controls such as software approval and incident and crisis management are crucial steps towards improving organizational cybersecurity practices. With six new control questions and changes to existing control questions, ISA version 6 focuses more on resilience to ransomware attacks, detection and response to security incidents and recovery from an attack. The new version will therefore also bring improvements in these areas.
🔒 References to other standards:
The new version includes references to other key security standards and implementation guidelines such as ISO/IEC 27001, BSI Grundschutz (German Standard) and NIST Cyber Security Framework to enable a harmonized and comprehensive security assessment.
🔒 The transition to the new version 6 is mandatory
The need to switch to the new version by April 1, 2024 at the latest requires strategic planning. Existing assessments will remain valid as long as the TISAX® labels does not expire, and new assessments from the effective date will be conducted in accordance with ISA version 6.
The transition to ISA Version 6 can be facilitated by using TISAX® advisory services. Professional consultants can help to understand the new requirements, plan the implementation and successfully renew the TISAX® label.
🔒 Summary
The updates in VDA ISA Version 6 are a crucial step towards strengthening the cybersecurity infrastructure in the automotive industry. The renewal and expansion of controls, the integration of references to other key security standards and the clear changeover guidelines provide a robust basis for the further development of information and cybersecurity practices in the industry.
By engaging professional TISAX® advice, organizations can ensure they are well positioned to effectively implement the new standards and optimize their cybersecurity strategies. Ongoing dialog between TISAX® consultants and companies will be essential to ensure a secure and compliant environment in this rapidly changing industry landscape.
Our Experts
Would you like to find out how our team of experts can support your company? Do not hesitate to contact us! We will be happy to present our solutions to you in a non-binding introductory meeting.
