ISA Release 6: Strengthening Information Security in the Automotive Industry

The ever-evolving automotive industry is in a new era where information security and cybersecurity are essential to maintain process integrity and safeguard critical assets and data. In this context, the TISAX (Trusted Information Security Assessment Exchange) system has emerged as a global standard for information security assessment, specifically designed for the automotive sector. 

 

With more than 10,000 audited sites in over 75 countries, TISAX has established itself as one of the most successful standards worldwide. The ISA (Information Security Assessment) catalog serves as the basis for the information security and cybersecurity assessments performed by TISAX. The recent publication of version 6 of this catalog sets a new standard in terms of information security and cybersecurity for the automotive industry. 

 

What’s new in ISA Version 6? 

 

Developed by international experts, ISA version 6 introduces significant changes.  

 

  • More focused changes to the IT and OT readiness of production suppliers,
  • New Labels in the previous Info High and Info Very High categories. 
  • Completely revised data protection catalog (GDPR), 
  • New references to ISO/IEC 27001:2022 and NIST Cyber Security Framework Version 1.1, and 
  • Continuous improvement and maintenance. 
  • Primary language is now English; several translations are planned

 

 

Which are the new TISAX Labels

 

ISA Version 6 brings not only modifications to the catalog, but also changes to the TISAX labels. In this version a division is made for the categories “Info High” and “Info Very High”, being able to be:  

 

  • High Availability : equivalent to the previous Info High
  • requirements, but only affecting Availability. 
  • High Confidentiality: : equivalent to Info High prerequisites, but only affecting Confidentiality. 
  • Very High Availability: : equivalent to Info Very High prerequisites, but only affecting Availability. 
  • Strictly (Very High) Confidential: : equivalent to Info Very High prerequisites, but only affecting Confidentiality. 

 

 

 

 A distinction has been introduced in the “Info” labels to reflect differences in the security profiles required for production suppliers and trade secret protection. 

 

 

How to Transition to the new ISA Version 6

 

To ensure a smooth transition, key guidelines have been established. Previous assessments will retain their validity, and new assessments until March 31, 2024 will use version 5, while as of April 1, 2024, version 6 of the catalog, which has been available for download on the ENX Portal since last October 2023, will be implemented. 

 

 

The big new feature New labels 

 

The transition to the new TISAX labels will be phased in gradually starting April 1, 2024. This includes the addition of “Confidential” and “Strictly Confidential” labels to locations with existing “Info High” or “Info Very High” labels. New assessments will use the “Info” labels until they are eligible for TISAX labels, at which time the “Confidential” and “Strictly Confidential” labels will be added. 

 

 

Where can I get the new ISA Version 6?

 

ISA Version 6 marks an important milestone for information security and cybersecurity in the automotive industry. With a focus on IT and OT availability as well as trade secret protection, it aims to strengthen security and ensure continuity of processes in the supply chain. The transition to the new labels ensures a gradual adaptation, setting standards of excellence and reliability worldwide. 

 

Get ready for the new era of information security in the automotive industry by downloading version 6 of the ISA catalog in the German Association of the Automotive Industry (VDA)! 

 

Check how SECDAT could assist you with our TISAX certification services.