Server

Information technology

​ ISO 27001 provides all the tools you need to implement an integral information security management system (ISMS). It focuses on assessing and controlling risks to information-processing activities. The requirements are deliberately kept general; however, compliance must reflect the organization specific situation. Throughout the standard, information security is described as a significant strategic element that ensures senior management attention. The preventive management system approach is based on the high-level structure required for all ISO management system standards, making the standard easy to integrate into an existing management system.

Your benefits
  • -Recognized proof of strong security risk controls
  • -Systematic achievement of confidentiality, availability and information integrity
  • -Strengthened security awareness of employees and executives
  • -Continual improvement of security and data access controls
  • -More business certainty, compliance with relevant requirements
  • -Great trust and loyalty from all interested parties
The audit - what happens ​

As a qualified, accredited certification body, we fully audit the effectiveness of your management system through the classic DQS certification process. We plan each certification individually, adapting it to your specific circumstances and corporate objectives. A pre-assessment can provide a starting point to identify your strengths and opportunities for improvement. During the certification audit, we come to your facility to verify whether you meet all the requirements of ISO 27001. The DQS certificate serves as proof of compliance. Annual monitoring ensures process stability and minimizes risks. You can recertify after three years.

The revision

DIN EN ISO/IEC 27001:2017-06 is a version adapted by the CEN (European Committee for Standardization). It combines two corrigenda: Cor 1:2014 and Cor 2:2015. Because the corrections only improve descriptions of requirements, but don’t include any additional requirements, any certificates based on the 2013 version will remain valid. New DQS certificates will also continue to be issued on the basis of ISO/IEC 27001:2013.

Trusted Information Security Assessment Exchange

Are you a supplier or service provider for the automotive industry?

If so, you need only one thing to assure customers that you are keeping their information secure – participation in the TISAX Exchange. All it takes is one assessment every 3 years.

You perform an ISA VDA assessment managed by an accredited audit provider. As a registered TISAX participant, all other participants in the network will accept your evaluation result.

The Standard

The VDA’s Information Security working group recently developed an information security assessment (ISA) based on essential aspects of ISO/IEC 27001, but with the addition of a maturity level model. Version 4.0 of the VDA ISA was published in early 2018. The VDA has also enabled the establishment of a common assessment and exchange mechanism, known as TISAX (Trusted Information Security Assessment eXchange). TISAX is operated by the ENX Association, an alliance of European carmakers, auto parts suppliers and automotive associations that the VDA has employed with operating TISAX as a neutral authority.

Your benefits
  • Cross-company acceptance of assessment results by all TISAX participants

  • Avoidance of repeated or redundant assessments

  • Fewer misunderstandings due to harmonized VDA ISA criteria

  •  Potential for lower costs and faster processes thanks to mutual recognition in the TISAX network

  •  TISAX certification audits only required every three years

The audit - what happens ​

You can access the TISAX service by registering online on the TISAX portal. After registration, you can ask an authorized auditor to perform an assessment based on the VDA ISA questionnaire. After evaluation, the results are transferred to the TISAX database. However, not every TISAX participant has access to your results. You decide who has access to information that explicitly grants access on a case-by-case basis. ENX monitors the quality of assessments and accredits audit providers through a rigorous process. DQS is one of 7 accredited TISAX audit providers