TISAX® (Trusted Information Security Assessment Exchange) is a standard for information security defined by the automotive industry. Quam®, a product of Lintra plus GmbH, helps to complete certifications easier and faster. In this article you will read how TISAX® certification works and how you can accelerate this and other certifications with Quam®.
TISAX® certification: What is the problem?
Automobile manufacturers and suppliers exchange valuable data (assets) with each other. The aim is to ensure that trustworthy data is handled securely and carefully. To verify this, companies are asked by their partners to have their information security management audited. Previously, this was done individually for each request.
Due to the increasing effort for suppliers, the wish for a uniform certification arose, which is recognized by all parties. The result is TISAX®, short for "Trusted Information Security Assessment Exchange".
How can companies obtain TISAX® certification?
As a rule, the TISAX® process for companies starts with the request of one of their partners to submit a corresponding certificate. The TISAX® process has three steps and includes the following points:
1. Registration: The company indicates which information should be part of the audit. In addition, the assessment level (1: protection target normal, 2: protection target high or 3: protection target very high) is indicated, which determines the need for protection of the information and determines the type of testing. 2. Testing: The testing is carried out by one of the accredited TISAX® testing service providers and is based on self-assessments and/or on-site tests, depending on the protection objective. The verification process should be considered as a nested sequence of steps. After gaps in the information security management system have been found by the auditor, they must be closed by the company. The steps are performed alternately until all gaps are closed. 3. Exchange: The company receives a certificate valid for three years, which it can present to its partners.
How can Quam® help with TISAX®?
The Quam® creates a digital twin of the organization in which all processes, organizational structures, roles, essential resources and the entire management system of the company are graphically modeled and mapped. This makes it possible to check the requirements of new standards, guidelines or laws on one's own organization much faster, to identify necessary adjustments, to design and implement solutions and finally to document the fulfillment of the requirements, since all existing processes, organizational structures, roles, resources and the implemented compliance system can be used.
TISAX®is one of many standards that can be more easily met with Quam®.
Quam® as integrated management system (IMS)
In the integrated management system, system quality, process quality and the productivity of an organization are designed and documented with regard to various aspects such as conformity with quality standards, environmental standards, occupational safety standards or IT security standards, among others. The challenge here is to design and document compliance with various standards, rules, procedures, deadlines and the uniform use of specification documents in a system that is as redundancy-free and easily accessible as possible. Quam® serves to design, document, communicate to all employees on the intranet, encourage feedback, audit and constantly improve the organization the company strives for.
In the adjacent picture you can see how a standard, in this case DIN EN ISO 9001, can be displayed and edited in a Quam®. The clear structure ensures considerable time and cost savings. Especially for companies that have to submit to different certifications, Quam® is very worthwhile.
Quam® in action - latest example: GDPR
A more prominent and recent example is the GDPR. Companies using Quam® were able to save up to 75% of their time with regard to the necessary analysis, implementation and documentation of the requirements resulting from the GDPR, as the processes and IT systems relevant to data protection can be easily determined in a complete company model and the creation of the directory of the processing processes is thus greatly facilitated. In the Quam®, which appears in accustomed Microsoft Office environment, it is easy to identify adaptation needs at the organization by new or changed requirements, to sketch solutions and to inform employees about new and/or changed expirations or new roles and their responsibility, like for example the role of a data security officer.
You are now curious to test Quam?
Would you like to get to know Quam without obligation? We are pleased about that! Register now to experience Quam for 30 days - free of charge and without obligation.