The internal IT security of the C&S group has been thoroughly tested. The trigger for the extensive audit was a verification and exchange mechanism called TISAX (Trusted Information Security Assessment Exchange), which is based on essential aspects of ISO/IEC 27001.TISAX serves the purpose of company wide recognition of elements of information security in the automotive industry.
IT security has become a very complex field, because with the increasing possibilities of data processing, the dangers in handling information of different kinds also increase. We are proud to have passed this audit without any problems.
Among other services, C&S tests control units and components that are later to be installed in the car – so this time the testers were themselves tested. “For our daily business, customers have to leave their prototypes and confidential data to us”. Beyond pure trust, this requires processes that ensure that this data is in good hands in the different departments of the C&S group. “First and foremost, procedural rules must ensure that confidentiality, availability and integrity are maintained”.
TISAX is a global label that creates competition among accredited testing service providers. Since 2017, successfully completed testing has been the basic prerequisite for being allowed to continue working with the major carmakers.
The ISO/IEC 27001 defines a set of rules to establish security in companies in a structured manner. C&S has incorporated information security into its management system for a long time – now it has been assessed by an external auditing service provider according to the rules of TISAX.
The audit by DEKRA took place in July 2019 under the title “Handling of information with high protection requirements/ handling of prototypes with high protection requirements”. Organizational processes had to be presented under intensive inspection and the implementation of the processes had to be demonstrated. In addition, the facilities were inspected, the security on site was examined and the staff was interviewed.
At the end of the day, it was not only the gratifying report of the auditors that C&S had passed this stress test. Rather, the assessment always includes a discussion of possible improvements. Such assessment takes place every three years.