Komax continues to ensure outstanding information security
After a demanding assessment process, the Komax Group successfully completed certification as per TISAX, thus guaranteeing its business partners the security of its IT and management systems according to a standard recognized in the entire automotive industry. Head of IT Security Jan Gehrig explains why this certification is important for collaboration with customers and what benefits it brings.
The digitalization of modern vehicles is advancing in leaps and bounds. Today, a single vehicle contains over 100 digital control units, and counting, which can be connected to one another or controlled centrally. Due to autonomous driving and the use of artificial intelligence, the complexity of the software architecture in modern cars will continue to increase, and the issue of cybersecurity is gaining in importance at the same time. “Information security is becoming more and more important in the automotive industry,” explains Jan Gehrig, Head of IT Security at Komax, because: “There is a lot of sensitive information in the automotive industry – such as patents or trade secrets – which is shared when suppliers and manufacturers work together in the supply chain.”
Service providers and suppliers have to guarantee that their products, services, partner networks, and even information security management systems meet ever more demanding quality requirements, because most European automotive manufacturers call for strict security standards when choosing their suppliers. This makes it extremely important to have secure IT systems, “both within the Komax Group and during work with our customers,” Gehrig explains, adding: “But the key to an information security organization is the employees, who have to pay extremely close attention to their own actions and their environment.” That is why TISAX not only includes IT security measures for data protection and digital access rights, but also involves physical and organizational aspects such as access control, monitoring and confidentiality statements from employees, external service providers and partners.
Komax is TISAX-certified
The Komax Group sought to obtain TISAX certification not only to ensure this level of information security, but also to demonstrate that it is accredited by an industry standard in the automotive sector. “And, after a month-long, demanding assessment process, we completed the process successfully,” Gehrig adds. TISAX is a uniform standard created in the automotive industry which offers a recognized basis for evaluation across companies and is acknowledged by all members of the German automotive industry association VDA, such as Audi, Volkswagen, BMW and Mercedes-Benz. “This way, companies that have already been verified won’t have to be audited multiple times by different customers.”
A good foundation for the future
“TISAX certification gives us a transparent way of demonstrating the security of all relevant information to our customers, their suppliers and the automotive manufacturers,” Jan Gehrig explains further. This is a huge advantage, since Komax used to have to undergo countless audits and subject itself to spot checks as per the VDA Information Security Assessment in order to be able to work with big-time automotive manufacturers. This led to a new catalog of measures being created each time, which often had a negative impact on the timeline when establishing relationships with new customers. TISAX not only eliminated this problem, “it also laid a good foundation for potential ISO/IEC 27001 certification.”
For Secure Information Processing
The “Trusted Information Security Assessment Exchange” standard TISAX is operated by the legally independent ENX Association based in Frankfurt am Main and Paris and was established in 2017 as a testing and information exchange mechanism by VDA, the German automotive industry association. It is used for supplier risk assessment and addresses the secure processing of business partner information and data protection between automotive manufacturers and their suppliers in accordance with the General Data Protection Regulation (GDPR). TISAX is enforced industry-wide and applies to all companies in the German automotive supply chain: car manufacturers, OEMs, partners and suppliers.
TISAX is largely based on the existing ISO 27001 standard, but its protection requirements are more heavily adapted to the specific features of the automotive industry. This means they are often formulated more clearly and evaluated more strictly. After a successful certification, participants can exchange information on information security status with one another via an online portal and establish direct contact with testing service providers. At the same time, each decides for themselves whom the results are to be disclosed to and in what degree of detail.
Jan Gehrig is responsible for IT Security at the Komax Group and reports to Christoph Lienhard, VP Global IT, in the Market & Digital Services department. He studied information security and data protection at the Lucerne University of Applied Sciences and Arts and has been working for the Komax Group since 2018.