What is the VDA ISA Catalog anyway?
The VDA ISA Catalog describes the information security requirements of the automotive industry. It contains industry-wide coordinated requirements for information security and is the basis for assessments to determine the level of information security (Information Security Assessments - ISA for short). The VDA ISA catalog is the basis for the TISAX® assessment.
And TISAX® was again...?
The VDA ISA calls for the protection of information and data within the company.
TISAX® is an industry standard for the automotive industry that pursues various test objectives such as information security, prototype protection and data protection.
Those requirements of the VDA ISA for information security in the automotive industry can be proven by the company in question if the audit is successful.
The requirements originate from the automotive sector, but they are aimed at ALL institutions that exist in the automotive value chain. This includes companies that immediately come to mind, such as manufacturers of automotive parts.
But they also include those companies that you might not immediately think of, such as trade show builders, media agencies, or printers that work for or are contracted by automotive groups.
What's new in the VDA ISA catalog version 5.1?
In 2020, the VDA ISA Catalog Version 5.0 was fundamentally revised and optimized - below we have reported in detail on all the changes and the impact on a TISAX® assessment.
According to the change history in the VDA ISA Catalog 5.1, the following changes and adjustments have now been added:
Thus, with version 5.1, in addition to language corrections, the protection goals regarding requirements for high and very high protection needs were added to the "Information Security" spreadsheet. No change in requirements took place.
In establishing and maintaining an appropriate level of information security, member companies are supported by the "Information Security Recommendation" and the VDA ISA catalog.
You can download the VDA ISA catalog version 5.1.0 from this link on the portal of ENX:
But what exactly has changed? And what effects do the adjustments have on certification according to TISAX?
We give you the summary at a glance here:
Third party connection
Addresses more strongly the current requirements in the home office and measures when travelling to safety-critical countries
to ensure the suitability of employees for sensitive areas of activity.
deals with the handling of protective features and the handling of means of identification such as keys, visual identity cards or cryptographic tokens.
Integration of following Controls
Elimination of the following Control
Download the new VDA-ISA catalogue 5.1 under this link:
From 01 October 2020, the VDA ISA Catalogue, Version 5.0 will be used for new TISAX® assessments.
Until then, the previous VDA ISA catalogue, version 4.1.1, applies.
And don't panic: For ongoing TISAX® assessments commissioned before 01.10.2020, the previous catalogue can also be used until 31.03.2021.
Anyone who has properly implemented and lived VDA-ISA 4.1.1 in the past can switch to the new VDA-ISA catalogue 5.0 with little effort and easily implement the additional requirements.
We at OPTIQUM are happy to support you with a GAP analysis and also with questions about VDA-ISA and TISAX®.
Contact us for a non-binding initial consultation: vda-isa-berater[at]optiqum.de
To ensure that you are optimally prepared for the new requirements and your certification according to TISAX®, OPTIQUM exclusively offers the GET READY FOR TISAX® workshop.
You will find information → here