Skip to main content
All CollectionsTISAX
TISAX: VDA ISA Navigation
TISAX: VDA ISA Navigation
Fabiola Munguia avatar
Written by Fabiola Munguia
Updated over 12 months ago

Welcome to our tutorial on navigating the VDA ISA. At first glance, the document may seem daunting, but with some demystification, it'll become much clearer. We'll cover setup, and key features, and provide background to effectively use this essential standard for automotive industry information security.

🚗 💨 Let's dive in:

Table 7. Mapping between TISAX assessment objectives and ISA criteria catalogues

No.

Assessment objective

ISA criteria catalogue(s)

1.

Info high

Information Security

2.

Info very high

Information Security

3.

Confidential

Information Security

4.

Strictly confidential

Information Security

5.

High availability

Information Security

6.

Very high availability

Information Security

7.

Proto parts

Prototype Protection

8.

Proto vehicles

Prototype Protection

9.

Test vehicles

Prototype Protection

10.

Proto events

Prototype Protection

11.

Data

Information Security
Data Protection

12.

Special data

Information Security
Data Protection

source: ENX Participation Handbook

Table 8. Applicability of requirements to the assessment objectives

No.

Assessment objective

Applicable requirements

1.

Info high

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”

2.

Info very high

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”

    • Column ​“Additional requirements for very high protection needs”

3.

Confidential

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with a “C” as in Confidentiality)

4.

Strictly confidential

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with a “C” as in Confidentiality)

    • Column ​“Additional requirements for very high protection needs”
      (but only those marked with a “C” as in Confidentiality)

5.

High availability

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with an “A” as in Availability)

6.

Very high availability

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with an “A” as in Availability)

    • Column ​“Additional requirements for very high protection needs”
      (but only those marked with an “A” as in Availability)

7.

Proto parts

  • Criteria catalogue “Prototype Protection”
    But only these chapters:
    8.1 Physical and Environmental Security
    8.2 Organizational Requirements
    8.3 Handling of vehicles, components and parts

    • Column “Requirements (must)”

    • Column “Requirements (should)”

8.

Proto vehicles

  • Criteria catalogue “Prototype Protection”
    But only these chapters:
    8.1 Physical and Environmental Security
    8.2 Organizational Requirements
    8.3 Handling of vehicles, components and parts

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for vehicles classified as requiring protection”

9.

Test vehicles

  • Criteria catalogue “Prototype Protection”
    But only these chapters:
    8.2 Organizational Requirements
    8.3 Handling of vehicles, components and parts
    8.4 Requirements for trial vehicles

    • Column “Requirements (must)”

    • Column “Requirements (should)”

10.

Proto events

  • Criteria catalogue “Prototype Protection”
    But only these chapters:
    8.2 Organizational Requirements
    8.3 Handling of vehicles, components and parts
    8.5 Requirements for events and shootings

    • Column “Requirements (must)”

    • Column “Requirements (should)”

11.

Data

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with a “C” as in Confidentiality)

  • Criteria catalogue “Data Protection”

    • Column “Requirements (must)”

12.

Special data

  • Criteria catalogue “Information Security”

    • Column “Requirements (must)”

    • Column “Requirements (should)”

    • Column “Additional requirements for high protection needs”
      (but only those marked with a “C” as in Confidentiality)

    • Column ​“Additional requirements for very high protection needs”
      (but only those marked with a “C” as in Confidentiality)

  • Criteria catalogue “Data Protection”

    • Column “Requirements (must)”

source: ENX Participation Handbook

Return to the main Certification Guide to progress further in your Certification Journey. Each step builds upon the last, deepening your understanding and implementation of the standards required for certification.

Related Articles
What policies do my employees need to accept on Secfix
TISAX: Assessment Objectives
TISAX: Scope
TISAX: Choosing Assessment Objectives
TISAX: Report & Final Steps
Did this answer your question?