Prostep | Newsletter

Successful TISAX audits at PROSTEP

By Rainer Bugow

PROSTEP takes account of its automotive customers' growing requirements in terms of data security. Last year we were certified in accordance with TISAX and have since extended the scope of this certification. In addition to company headquarters in Darmstadt, the branch offices in Berlin and Munich also recently passed their TISAX audits successfully.

The ever increasing level of networking in the automotive industry means that information security plays a key role when it comes to organizing business relationships. The German Association of the Automotive Industry (VDA) has defined uniform requirements for this purpose and compliance is checked by means of regular audits: Trusted Information Security Assessment Exchange, or TISAX for short. TISAX certification provides an important foundation for business relationships at numerous automobile manufacturers and automotive suppliers. It ensures that business partners comply with certain security standards when handling confidential and personal data. This applies to both the physical security of the premises and employees' awareness of the issue of data security and to the protection of the IT infrastructure against cyber attacks.

The TISAX audit is based on the Information Security Assessment (ISA) developed by the VDA, a uniform catalog of questions that companies can use to assess their level of maturity in a variety of areas relating to information security. The actual certification process is carried out by independent service providers accredited by the ENX Association. The organization, which comprises European automobile manufacturers, suppliers and automotive associations, also monitors the quality of the assessments and the results.

At PROSTEP, TISAX certification is just one of many components that ensure reliable business processes and the compliant handling of confidential and personal data. During the course of a multi-day assessment, the auditors recently also verified compliance with the quality requirements relating to business processes (ISO 9001), the requirements relating to information security (ISO 27001), which serve as the basis for TISAX, and the data protection provisions according to the General Data Protection Regulation (GDPR or DSVGO in the German terminology). 

Thanks to PROSTEP's many years of experience with the certification processes and the excellent preparatory work performed for the audits, there was no cause for complaint. The auditors praised the excellent implementation of the DSVGO requirements in particular.

We passed the various audits with flying colors, even though the TISAX requirements and the inclusion of additional locations meant that the review was performed in greater depth than in the past. Successful TISAX certification enables us to take account of the growing data security requirements of our customers in the automotive industry and create a basis for collaboration in joint PLM development projects that is based on trust.