
NIS risk management service

The Trusted Information Security Assessment Exchange (TISAX) is a platform developed specifically for the automotive industry that allows industry players to share their information security assessment results with their customers and partners. It is an information security requirements system created by the German Automotive Association (VDA) and tailored to the needs of the automotive industry. Compared to the ISO/IEC 27001 standard, TISAX is a customized, standardized, automotive-specific set of information security requirements that takes into account the needs of car factories. With TISAX, you can demonstrate to automotive customers the extent to which your company's information security management system (ISMS) meets the industry's data management requirements.

Risk assessment

The risk analysis is performed in accordance with industry standards (ISO 27001, 27005, 31001). Accordingly, it also covers the following:

  • the security of network and information systems and facilities,

  • the management of security incidents, and

  • business continuity.

Those who use it most often

Based on the risk analysis, the organization must also implement security measures commensurate with the risks.

  • Development of necessary regulations

  • Information security policy

  • Definition and documentation of the risk acceptance criteria of the risk analysis methodology.

Business continuity

The regulation's executive order requires the preparation of a business continuity plan and an action plan applicable in the event of a disaster, both based on a business impact analysis.

  • Business Impact Analysis (BIA)

  • Business continuity or service plan (BCP, Business Continuity Plan)

  • Disaster Recovery Plan (DRP)

Review and test

In accordance with the requirements of the regulation, every organization must review its established risk analysis annually and, if the risks have changed, develop a new risk management plan.

  • Annual review

  • Documentation update

  • BCP and DRP test

Rating levels

  • With the help of interviews, we assess the security of the organization's IT system and facilities

  • According to ISO 27005, we develop the documentation methodology and regulations of risk management

  • We carry out the risk analysis

  • We develop an action plan to reduce possible risks

    • We exclude risks that are not relevant to the organization's operation, reducing the administrative burden

    • We look for the optimal risk management method in terms of maintaining business operations

    • We make a proposal for the preparation of regulations

    • If possible, we recommend an administrative solution instead of costly additional investments

  • We document the results of risk management

  • We provide a regular review service

  • In case of possible damage to the system, we document the incident and support the documentation of the official notification

  • Fact-based decision making

  • Risk-based thinking
