#245 What's The Difference Between TISAX and ISO 27001?


For those in the automotive industry, namely suppliers working with European OEMs, you're likely familiar with TISAX but not necessarily with the Standard that many of its requirements originate from. ISO 27001 is the leading Information Security Management Standard, and its Annex A forms the basis of TISAX; however, there are many differences between the two. For automotive suppliers looking to create a more holistic Information Security Management System, it can be beneficial to implement elements of both even if you don't intend to certify to both.

In this episode, Ian Battersby is joined by Emma Coxhill, isologist at Blackmores, to explore the differences between TISAX and ISO 27001, how existing ISO 27001 compliant management systems can be leveraged for TISAX compliance, and the benefits of implementing both Standards for automotive suppliers.

You'll learn
· How does TISAX differ from ISO 27001?
· How does the recertification / annual surveillance for TISAX and ISO 27001 differ?
· Can a company have TISAX without ISO 27001 and vice versa?
· How can an existing ISO 27001 certification be leveraged for TISAX?
· What are the additional benefits of implementing both TISAX & ISO 27001?
· What is a reasonable timeframe for implementing TISAX?
· The key role of Internal Audits
· How can Blackmores support companies in implementing TISAX?

Resources
· Register for our TISAX webinar here
· ENX
· Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – Emma Coxhill joins Ian to dive into the key differences between ISO 27001 Information Security and TISAX, including the benefits of implementing both and how each can be leveraged to assist in the implementation of the other.

[03:10] What is TISAX? TISAX was developed for the automotive industry by the German Association of the Automotive Industry (VDA), and it's managed by the ENX Association. It's based on the ISO 27001 Annex A controls, and was created because the automotive industry was looking to standardise the framework for assessing and sharing information security results between manufacturers and their suppliers.

[04:20] How does TISAX differ from ISO 27001? ISO 27001 is a general Information Security Management Standard that can be applied to any business, whereas TISAX is only applicable to the automotive industry. ISO 27001 includes a framework of requirements that everyone must implement, whereas TISAX has a more customisable element: with TISAX you can select an applicable level and the relevant subject areas for your operations. The last main difference is that ISO 27001 certification ends in a certificate which can be shared and displayed wherever you want. TISAX, in comparison, has Labels, which are only available through the ENX portal, where you have control over who can access them.

[05:15] How does the recertification / annual surveillance for TISAX and ISO 27001 differ? The good news is that TISAX is a bit more forgiving than ISO when it comes to a recertification cycle. TISAX does not require an annual surveillance audit like ISO 27001; instead, once you've earned a Label it remains valid for 3 years. ISO 27001, in comparison, requires an annual surveillance audit each year until the 3rd, when you have your Recertification Audit. If you have a significant change to scope part way through your 3 years of TISAX, you will need to have a chat with your auditor to see if extra work is required. This will depend on your level, with higher levels likely to require some additional work and for you to adjust your scope within the ENX portal. Overall, a TISAX Label is less of a burden than traditional Management System Standards like ISO 27001. However, TISAX is a lot more strict and will require more upfront preparation ahead of earning your Label.

[07:30] Are Internal Audits required for TISAX? They are, but the amount and frequency are a lot more flexible than for ISO 27001. You can do as many as you like, but at a bare minimum we recommend you conduct internal audits 6 months ahead of your TISAX Label expiring to ensure you're ready for recertification. You can of course carry on with annual internal audits to make sure you're on track. This can be handy if specific clients ask for further evidence that you follow processes in accordance with TISAX requirements.

[08:35] Can a company have TISAX without ISO 27001 and vice versa? You can! Both are independent Standards; however, they do complement each other. Organisations that hold both have a competitive advantage, as ISO 27001 applies to all industries and is more widely recognised. However, if you only operate in the automotive space, TISAX may be sufficient. If you supply to multiple sectors, it's worth considering implementing both TISAX and ISO 27001.

[09:25] How can an existing ISO 27001 certification be leveraged for ...