ISO Standards and Certification Process 

Management Systems Audit Service

ISO 27001, ISO 27701, ISO 9001, ISO 14001, ISO 45001 and their combinations.

TISAX Is a security standard devised by the German Association of the Automotive Industry (VDA) in 2017 to ensure a base level of information & cyber security in the European auto industry.

ISO Standards are developed by International Organization for Standardization.

Voluntary, consensus-based, market relevant standards.

Name derived from the Greek 'isos', meaning “equal”.

With external auditing services, you can strengthen your business by evaluating the quality and performance of your processes, products, and systems, identifying vulnerabilities, and initiating improvement measures. Well establish Management System and related documented information are solution to help your organization to control and comply with requirements of your customers and ISO standards. Knowledge and experience of external Auditor shall help businesses assess and maintain the quality of provided services and products; define and implement specifications based on customer requirements in conformance with industry standards and regulations. Standardization of processes shall assist you in process to achieve a quality-driven culture and enable your organization to reduce quality costs and regulatory risks, improve efficiency. Our expertise, and accountability shall assist you to carry out audits of Management Systems in reference to the requirements of ISO Standard.

TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants the automotive industry.

If you want to process sensitive information from your customers or evaluate the information security of your own suppliers, TISAX supports you in reducing efforts.

More information can be found at the link

- Excel file title “VDA Information Security Assessment” download

This is a copy of the current version of the Information Security Assessment questionnaire that will be the basis of TISAX Assessments.

This document is officially published by the VDA. Further information and the original download can be found on the VDA website.

- PDF file title “TISAX Participant Handbook” download

This handbook applies to all TISAX processes that you may be part of. It contains all you need to know to run through the TISAX process. The handbook offers some advice on how to deal with the information security requirements at the core of the assessment.

ISO 27001:2013 – Internationally recognized standard, ensures commitment to data protection and strengthen your reputation for reliability and professionalism. Information security – including the IT systems, components and processes involved are essential.

A robust IT security management system is always based on quality management, and above all on the organizational measures this requires.

Contains essential quality management requirements according to ISO 9001:2015.

ISO 27701:2019 - Internationally recognized standard, ensures establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. Specifies PIMS-related requirements and provides guidance for PII (Personal Identifiable Information) controllers and PII processors holding responsibility and accountability for PII processing.

ISO 9001:2015 - Internationally recognized standard, ensures consistently high product or service quality and thus forms the basis for effective quality management. A systematic approach to quality management within the organization is especially important in order to meet the dynamic demands of global competition. Considered to be the origin of all quality standards.

ISO 14001:2015 – Internationally recognized standard, ensures safe workplaces and the efficient use of resources. A certified system supports your efforts to maintain a strong, consistent workforce and an effective, sustainable energy policy making your organization more competitive and increasingly profitable.

The Audit is systematic evidence gathering process. Audits shall be independent, and evidence shall be evaluated objectively to determine how well audit criteria are being met. There are different types of audits, i.e.: first-party, second-party, and third-party. First-party audits are internal audits while second- and third-party audits are external audits. Organizations use first party audits to audit themselves. First party audits are used to provide input for management review and for other internal purposes. They're also used to declare that an organization meets specified requirements. Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has an interest in an organization. Third party audits are external audits as well.

ISO distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it's called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization it's called a joint audit. A quality management system (QMS) is a set of interrelated or interacting elements that organizations use to formulate quality policies and quality objectives and to establish the processes that are needed to ensure that policies are followed, and objectives are achieved. These elements include structures, programs, practices, procedures, plans, rules, roles, responsibilities, relationships, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

Documents you may need:

* iso-27001-product-sheet-en-v1 - download

* iso-27701-privacy-information-management - download

* iso-27701-product-sheet-en-dekra-us - download

* tisax-assessment-whitepaper-en-dekra-us - download

* Project_Checklist_for_27001_Implementation_EN - download

* COTO Log template - download

Do you need additional information or perhaps training? - link