TISAX®, the cybersecurity assessment specific to the automotive sector

When it comes to automotive cybersecurity, we're moving up a gear. In a highly competitive and innovative environment, the automotive giants are becoming increasingly aware of the risks of hacking and leaks resulting from the digitalization of processes and exchanges. How do you protect the plans for a prototype when it is ready to be manufactured by a subcontractor? How can we ensure the security of confidential plans stored on a server abroad? What protection is there against ransomware threatening to spread the secrets of a future revolutionary engine on the darkweb? How to ensure business continuity in the event of a major crisis?

Inspired byISO/IEC 27001, the TISAX® standard provides answers to these new concerns that are weighing on the entire automotive sector. The AFNOR group is now recognized by ENX, the association that owns the standard, to assess the practices and information systems of players in the sector.

TISAX® evaluation: a sector-specific version ofISO/IEC 27001

Data registry, governance, business continuity plan, employee awareness and training... TISAX® requirements vary according to the level of assessment carried out, of which there are three: a self-assessment, a remote audit by a third-party assessor, and finally an in-depth audit lasting several days on site.

TISAX® is no longer an option," says Thomas Sanjullian. Manufacturers are already including this requirement in their invitations to tender. To be able to respond and receive data from the manufacturer, they must provide proof of their level." Since September 2023, the AFNOR group has been recognized to carry out this assessment. Auditors are currently undergoing training to be able to conduct their first audits from early 2024.

At the same timeISO/IEC 27001the flagship standard providing guidelines for deploying a solid and effective information management system, is experiencing unprecedented popularity. With almost twice as many people certified in two years, the rise of ISO/IEC 27001 is confirmed at global level, with almost 100,000 sites certified worldwide. In terms of countries, the top three are China, Japan and the UK. The main reason for this strong growth is the central role played by data protection issues. ISO 27001 deals with the security of information systems, and covers both digital and paper data," explains Brice Gilbert, head of ISO 27001 at AFNOR Certification. A few years ago, 62% of companies adopting this standard did so voluntarily. But with the tightening of the regulatory context, most of them are now committing themselves to compliance, so that they can continue to respond to calls for tender. Unsurprisingly, in the ISO Survey, the business sector that makes most use of ISO/IEC 27001 certification is information technology.

"Manufacturers, particularly in the aeronautics sector, are well aware of what's at stake. A hack, a data leak or a ransom demand, and the company's survival is at stake. AFNOR is proposing a multi-stage strategy, starting with a free self-assessment to initiate reflection, whatever your sector of activity," says Brice Gilbert. Five years after the first version in May 2017, the publication of the updated standard in 2022, with new aspects such as the cloud, is available as an accredited certification thanks to our international network.

Read more

• About the TISAX® evaluation - Information Security in the Automotive Sector
• on ISO 27001 certification - Information Systems Security
• on the ISO 9001 and ISO 27001 Qualification of Internal Auditors course
• about our certification offer
• on our training offer
• on our international network.