TISAX® – When “Global Standard” still means “Sprechen Sie Deutsch?”

Ready to dust off your German skills? The information security controls of TISAX® refer in part to specific German building codes and insurance standards. We can help with that!

Congrats: You have started the TISAX® compliance process ahead of your competition. Great! But wait, there’s a surprise lurking for you in the depths of the VDA “Information Security Assessment” (ISA) catalog, full of controls to comply with…

Some of them assume you are familiar with German construction and insurance standards. Yes. For real.

Some examples we have run into while supporting clients:

Doors, windows, and intrusion protection:
The catalog refers to resistance classes like “RC2” (wait, what?), based on DIN EN 1627. That’s a European standard for how well doors and windows resist break-ins – not something most U.S. firms have ever dealt with.

Insurance standards:
You’ll also see references to “VdS Schadenverhütung” (come again?), a German fire and security insurer that publishes technical standards used, for example, to define the resilience of the “Außenhaut” (what now?), the outer shell of a building or structure.

And these aren’t just background notes – understanding the referenced standards can directly affect whether a control is considered properly implemented or not.

If your consultant doesn’t understand how to interpret those references, you may hit unexpected obstacles. These details aren’t always obvious, and in some cases there is no direct U.S. equivalent, so you and your consultant need to be diligent about how you comply.

At Granite State InfoSec Consulting, German is literally in our genes. Our team made it a point to translate these transatlantic expectations into something actionable for American companies.

If you’re preparing for a TISAX® assessment or wondering how the German aspects apply to your situation, we are happy to compare notes.
