#GTBharat

SHAPING A VIBRANT INDIA

TISAX implementation

Audit of key IT systems according to TISAX standards

2023


What is Trusted Information Security Assessment Exchange (TISAX), and why do you need it?

Companies in the automotive industry are required to demonstrate regularly every three years that they meet the information security criteria.

The Verband der Automobilindustrie information security assessment (VDA ISA) catalogue of information security requirements published by the German Association of the Automotive Industry or VDA includes key aspects and criteria of the internationally recognised ISO 27001 standard and additional lists of criteria that are directly relevant to the automotive sector, such as data protection and prototype protection. In addition, there is a fully developed and comprehensive audit and exchange mechanism.

The audit and reporting processes provide a high degree of comparability and transparency and thus build confidence for the relevant customers, who, therefore, increasingly require a TISAX label.

The TISAX online platform allows participants to share assessment data while at the same time allowing them and audit providers to communicate with each other.

The overarching objective of TISAX is to establish a standardised label based on common criteria within the automotive industry and to create a sharing space/community where IT/IS performances are shared between automotive players.

Relevance:

01 Cross-company recognition of the assessment results amongst all TISAX participants

02 Broad acceptance in the automotive sector

03 Effective risk management strategies

04 Consequent orientation to customer needs

05 Higher credibility for certified organisations between suppliers and customers

06 Helps in protecting critical data and reducing liabilities

TISAX assessment domains

Information security

• 41 controls
• Information security policies
• Information security management system (ISMS) controls
• Necessary domain for all TISAX labels

Prototype protection

• 22 controls
• Physical and environmental security
• Organisational requirements
• Handling of vehicles, components and parts
• Requirements for trial vehicles
• Requirements for events and shootings

Data protection

• 4 controls
• Policies and procedures
• Appointment of a privacy officer
• Implementation of data protection mechanisms
• Awareness and training of employees


Registration process

01 Registration on the ENX Portal (assessment and objective selection)

02 Self-assessment (Grant Thornton Bharat’s gap assessment and implementation)

03 Assessment (audit)

04 Report

05 Share the assessment result with the Partners

Benefits of TISAX

01 TISAX offers an internationally recognised standard with the requirement for information security, prototype protection and data protection. This enables Partners to have a trusted and transparent model to gauge the effectiveness of their suppliers’ information security practices.

02 TISAX is a well-recognised standard within the automotive industry and thus allows participants to avoid redundant audits for each customer and easily access new business opportunities.

03 TISAX offers a standard set of requirements and a single assessment which is valid for three years. This reduces the cost of implementation of security controls through standardisation and helps avoid redundant checks.

04 TISAX helps organisations to protect their technical know-how, confidential information and intellectual property through globally recognised tools and processes.

• TISAX provides a modular approach for assessments. TISAX assessments are scoped according to the assessment objectives recommended by the original equipment manufacturer (OEM) or the ones selected by the supplier. TISAX allows participants to tailor the scope of assessment as per their operations and select any combination of assessment objectives and get the corresponding TISAX label.

• TISAX also has six maturity levels and three assessment levels to choose from. The issuance of a TISAX label requires organisations to have a maturity level of at least three (established), and the minimum assessment level required is AL2.

• TISAX implementation and adoption is easier for Tier 1 auto component players, given they have some IS control frameworks already in place around prototype and data protection.

• TISAX implementation helps Tier 2 auto component players by getting them recognition from OEMs. It allows participants to tailor the scope of their assessments as per their operations, thereby helping in the adoption of other IS frameworks as well.


Why Grant Thornton Bharat?

Grant Thornton Bharat is a global provider of know-how and a strong partner with extensive expertise in areas such as information security and TISAX. Currently, we are one of the few consultancies to provide TISAX support across India.

We use our industry-specific experience from various other engagements within the automotive sector in the TISAX support process. We have worked with Indian vehicle manufacturing giants and are aware of the challenges faced within the automobile industry in India. Our team of information security professionals comes with industry experience and domain knowledge and has all the tools to help prepare for the TISAX assessment and implement the requirements as per the VDA ISA. The team undergoes multiple trainings and is updated on all the changes to this dynamic standard. Apart from this, our team proactively looks for the latest revisions and changes, and the entire toolset is updated with each revision.

Implementation approach

Plan

• Scope estimation
• Understanding the organisation and its processes
• ENX registration support
• Project planning

Do

• Perform gap analysis and highlight positive aspects and shortcomings
• Liaise between stakeholders for gap closure
• Provide recommendations and improvement points
• Training and awareness

Check

• Perform self-assessment against the latest VDA ISA questionnaire
• Provide maturity score against TISAX controls for the final assessment by ENX
• Support the stakeholders in the certification audit

Act

• Improvement and sustenance activities
• Accommodate changes in the organisation
• Implement corrective actions

Post implementation, our team ensures constant support for and during the TISAX certification audit, making the certification process smooth for our clients.

We are Shaping a Vibrant Bharat

A member of Grant Thornton International Ltd, Grant Thornton Bharat is at the forefront of helping reshape the values in the profession. We are helping shape various industry ecosystems through our work across Assurance, Tax, Risk, Transactions, Technology and Consulting, and are going beyond to shape a more #VibrantBharat.

Our offices in India


www.grantthornton.in

● Ahmedabad ● Bengaluru ● Chandigarh ● Chennai ● Dehradun ● Delhi ● Gurgaon ● Hyderabad ● Kochi ● Kolkata ● Mumbai ● Noida ● Pune


Saket Mehra
Partner and National Sector Leader, Automotive Industry
Grant Thornton Bharat
M: +91 9899008822
E: saket.mehra@

Amit Tenglikar
Director
Cyber and IT Risk
Grant Thornton Bharat
M: +91 9686977750
E: amit.tenglikar@

Akshay Garkel
Partner and Leader
Cyber and IT Risk
Grant Thornton Bharat
M: +91 9820208515
E: akshay.garkel@

Seema Verma
Associate Director
Cyber
