TISAX (Trusted Information Security Assessment Exchange) has been in place since 2017 and is a test procedure that sets a standard for information security and exchange. Those who have passed the assessment have a recognised status and some manufacturers (like BMW and VW) are making these tests mandatory for any OEM agreement. It is anticipated that others will follow this lead and that TISAX will become the accepted security and information exchange standard.
In essence it provides a set of tests and assessments that evaluates security and then ensures processes are in place that demonstrate key standards.
These tests can be summarised as follows:
- Roles and Responsibilities – all employees know their roles, responsibilities, and authorities for all operating processes
- Standard Processes – these are clear and documented
- Change Management – the organization updates processes
- Improvement – there is a continual improvement cycle
The TISAX standards are valid for 3 years and the badge is acquired through the ENX portal. One of the key focuses is change management and it is this continual change that can be a headache and it is this challenge that we meet head-on by using E-Flow business process management (BPM) to automate more than 120 processes around TISAX governance.
Approaching a TISAX project, you need to consider a raft of internal processes and how these can be streamlined, improved, and sustainable. They need to be open to continual improvement. Using a 3rd party professional to assist with this enables a more pragmatic view of gap analysis, document management, audit, tracking, control, and governance.
The E-Flow BPM can effectively automate and simplify this without coding but by using existing workflows designed specifically to build and maintain TISAX compliance. With dashboards and reports and auto-notifications this becomes routine. The continuity and sustainability of the process of change management is required, so that everything is documented automatically and constantly verifiable
As an example, E-Flow is in use by Maysan Mando, a J-V between the Turkish shock absorber maker Maysan and Mando. This is the largest global Tier 1 Korean OEM of shock absorbers, brakes and steering parts. They have increased the speed by approvals and 5S audit as part of their lean production process required by Japanese and Korean car makers. 5-minute video on the implementation of E-Flow – Watch here
The growing acceptance of the TISAX as a standard is inspiring trust and providing a more robust approach to information security. The automotive industry is a global supply-chain, and this requirement is now set to be the yardstick for security compliance.
If you need help complying with TISAX and maintaining that status, please contact ReInforce Technology.