TISAX assessments scheduled to switch to VDA ISA 6.0 soon

The April transition date for vehicle manufacturers supply chain security assessments is rapidly approaching.

First announced last year, the roll out of VDA ISA 6.0, the German vehicle manufacturers association (VDA) new and optimised version of its Information Security Assessment (ISA) becomes effective on 1 April 2024.

The change was deemed necessary to simplify and streamline audits to the related ENX audit and exchange mechanism - Trusted Information Security Assessment Exchange (TISAX).

“The new VDA ISA 6.0 brings positive changes to TISAX assessments. It brings greater efficiency, user-friendliness, and accuracy to the assessment process, benefiting both our customers and auditors,” says DNV’s Alex Komlev, ICT Global Technical HUB Manager in DNV.

As with other industries the number of ransomware and other cyber threats is accelerating so information and cybersecurity are taking on a new importance. For the automotive industry supply chain security and confidentiality around new vehicle models and components are of paramount importance.

Consequently, manufacturers are requiring suppliers to take appropriate actions and demonstrate compliance with information security requirements, particularly with regard to confidentiality and an appropriate level of resilience against disruptions, both in the cyber realm and physical security.

VDA’s ISA 6.0 addresses this issue and after 1 April it will replace the older version 5. Among several changes are a greater focus on information technology and operational technology availability of suppliers, a completely revised data catalogue, new references to changed standards such as ISO/IEC 27001:2022 and NIST Cyber Security Framework Version 1.1 and additional implementation guidance.

“Preparations for transition to the new version 6.0 should already be underway, but if not, now is the time to begin as the switch date is only weeks away”, says DNV’s Alex Komlev and adds, “Achieving the TISAX label provides evidence you have the right controls to prevent security breaches and protect confidential information.  Our local automotive and information security experts and auditors speak your language and are ready to support throughout the TISAX certification process wherever you are."