In the automotive industry, the networking of business processes between companies is giving rise to increasing risks in information processing. A specialized working group of the German Association of the Automotive Industry (VDA) therefore develops recommendations and tools for its members to protect information. (Further information on this topic can be found on the website of the VDA).
In close cooperation, a VDA view was created for verinice which simplifies the processing of ISA questions on the basis of ISO 27002 and facilitates the submission of results. This allows an Information Security Assessment (ISA) according to the requirements of the VDA with verinice. Version 5 of the corresponding VDA ISA catalogue is currently available.
verinice supports the VDA ISA catalog in version 5 for TISAX in German and English since version 1.21. Users can perform Information Security Assessments in the VDA perspective including the additional modules Prototypes, Third Party Connection and Data Protection. One of the aims of the complete revision of the VDA ISA that took place with Version 5 was to make working with the catalog simpler and more efficient, thereby also reducing the effort required by companies and assessors.
In addition, with an assessment according to VDA ISA 5, participation in the testing and exchange mechanism TISAX (Trusted Information Security Assessment Exchange) is possible. This in turn enables mutual recognition and exchange of assessment results between participants. The ENX Association oversees and manages the TISAX model.
The questionnaire is also interesting for users outside the automotive sector: It enables a guided self-assessment of the state of information security in one's own company and thus an introduction to the topic of IS management.
To carry out an IS assessment with verinice, you need a verinice client. Get the latest verinice version directly from verinice.SHOP.
If you have any questions about working with verinice or the VDA-ISA in particular, please use the verinice forum or contact us by mail.