The automotive industry faces many cyber and information security threats. Our ISO/SAE 21434 and Trusted Information Security Assessment Exchange (TISAX®) services are here to support you.
The ever-evolving automotive industry
Technology is clearly changing the face of the automotive industry. The shift toward vehicle connectivity and automated vehicles, coupled with increasing numbers of complex automotive components, has heightened the risk of cyberattacks.
Automotive businesses that want to remain competitive in the digital age must also consider information security because the industry is exchanging more and more confidential data daily.
Introducing two key services
ISO/SAE 21434 is the world’s first international standard for cybersecurity in the automotive industry. It aims to reduce the risk of cyberattacks by embedding cybersecurity into automotive products throughout their lifetimes.
The global standard specifies engineering requirements for cybersecurity risk management. These cover the concept, product development, production, operation, maintenance and decommissioning of series production electrical and electronic (E/E) systems in road vehicles, whose development or modification began after the standard was published in 2021. This includes their components and interfaces.
ISO/SAE 21434 provides guidance on developing a cybersecurity management system that includes processes for risk assessment, treatment, monitoring and review. Its framework includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risks.
The standard does not prescribe specific cybersecurity technology or solutions.
What are the benefits of ISO/SAE 21434 certification?
Certification follows a successful audit and enables you to:
- Ensure that products and services are developed and maintained via a secure and trustworthy management process
- Better identify and mitigate potential threats and vulnerabilities
- Indicate that you have conducted a security assessment with the greatest possible independence
- Demonstrate your level of embedded cybersecurity to customers
- Improve operational efficiency
- Reduce costs
- Contribute to UN Sustainable Development Goal 9 – Industry, Innovation and Infrastructure
Certification can also help you comply with other relevant standards and regulations, such as UNECE Regulation No. 155 (cybersecurity and cybersecurity management system) and the General Data Protection Regulation (GDPR).
A TISAX assessment from us can help you ensure a uniform level of information security among car manufacturers, service providers and suppliers.
TISAX is the leading automotive industry information security initiative. It helps to protect data by confidently ensuring integrity and availability in automotive business processes, including manufacturing. A dedicated online platform has been developed for the exchange of information security assessment results in the automotive sector. After registration, companies can share their assessment results with trusted business partners.
TISAX is based on the Information Security Assessment (ISA) developed by the German Association of the Automotive Industry (VDA) and Volkswagen. The catalog includes criteria for assessing the information security of automotive supply chain organizations based on ISO/IEC 27001 (information security management systems) and ISO/IEC 27002 (information security controls) but has additional requirements.
The ENX Association maintains the ISA, audit provider criteria and assessment requirements (TISAX ACAR). It also approves audit providers and monitors the quality of implementation and assessment results. ENX is supported by the TISAX Committee, comprising manufacturers, suppliers and associations.
What are the advantages of TISAX?
Successfully passing an assessment allows an organization to share the TISAX label with business partners. This helps the organization highlight its information security status.
Key advantages include:
- Assessment results recognized by all TISAX participants
- A commonly accepted assessment standard that enables the exchange of assessment results
- Accepted by suppliers and original equipment manufacturers
- Saves time and money
- Creates confidence in your company
- Eliminates duplicate and multiple assessments
Why SGS for ISO/SAE 21434 and TISAX?
With years of worldwide experience in cybersecurity, information security and the automotive industry, we are perfectly placed to provide ISO/SAE 21434 and TISAX alongside helping organizations manage their supply chain, providing safe and reliable vehicles, improving quality, efficiency and safety, and reducing environmental impact.
We can help you along the path to ISO/SAE 21434 certification with an audit, which can include a gap assessment and benchmarking. We will determine your level of competence and support you to achieve ongoing improvement.
We can guide you through the entire TISAX process, including registration, assessment provider selection, document review and/or on-site assessment and exchange of results.
Time for TISAX training?
SGS Academy offers a TISAX Introduction Training Course. On completion of this face-to-face or virtual instructor-led training (VILT), you will understand TISAX requirements and elements, the differences between the initiative and ISO/IEC 27001, and how to execute a TISAX project.
For more information, visit our ISO/SAE 21434 certification, TISAX assessment or TISAX training web pages.
For further information, please contact:
Jason Hulbert
Associate Marketing Manager
Knowledge
t: +44 7912 426878
About SGS
We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 98,000 employees operate a network of 2,650 offices and laboratories, working together to enable a better, safer and more interconnected world.
