TISAX Certification and Digital Personnel File – Modern Personnel Management With Timly

TISAX Certification in Automotive: Questionnaire as a Basis

The content of the TISAX certification was initially based on the well-known ISO IEC 27001 standard, which is one of the most established certifications in information security management. It regulates, for example, precautions to protect against data theft and misuse, encryption and access mechanisms and the ongoing monitoring of the integrity of the company’s own systems.

In addition, the questionnaire is used by the German Association of the Automotive Industry (VDA) as a basis. The Information Security Assessment (ISA) includes basic precautions and procedures for data security, for example patch management and setting up personal access authorisations. It is essential to collect and store the necessary information in a structured manner.

Timly creates the best conditions for this with its holistic approach. The decisive factor is that the software solution makes it possible to manage personnel information (with the training management software function) and inventory data in one system and to link them with each other at the necessary interfaces. In this way, all necessary proof of suitability, personal certifications and safety instructions can be entered into the Timly digital personnel file in a legally secure manner.

In this way, they are not only available at the push of a button when assessments are due. The system’s deadline management also ensures that upcoming examination and renewal dates are pointed out in good time. The HR department and affected employees are automatically notified by e-mail if desired.

Similarly, Timly also maps complex IT infrastructures. All necessary information about licence expiry dates, maintenance and update work as well as important network and security information can be stored in it.

The Timly inventory management software stores the information centrally in a secure and GDPR-compliant cloud storage. The sophisticated and fine-grained authorisation system guarantees data protection for sensitive information. The Timly concept combines the simplest and most intuitive usability possible with the highest possible security. This is essential so that mechanisms are not circumvented out of time constraints and convenience, for example by sticking the infamous sticky note with the complex password to the screen.

Timly offers authorised employees access to required facts and instructions at any time from any end device. With the Timly app, there is even an alternative optimised for smartphones and tablets. This simplicity makes it easier to observe security precautions in everyday working life.

TISAX Certification – Requirements and Procedure

Those responsible for companies that are seeking TISAX certification due to customer requirements or out of their own interest can first work through the VDA’s ISA questionnaire. If the essential protective measures and precautions required in it are fulfilled, there is nothing to stand in the way of the assessment process. This is divided into three major steps and different assessment levels:

1. registration:

The company must be registered with ENX and the assessment process must be applied for. In addition to obtaining the necessary information, this step also includes defining the scope of the audit – which is called the TISAX audit scope. Furthermore, protection goals are determined, for example necessary precautions in handling prototypes. These are based on the possible TISAX labels, which can be described as levels of secrecy or maturity level.

2. testing:

The actual examination first requires a self-assessment based on the ISA requirements catalogue to cover the basic questions. A certified TISAX audit service provider is then selected to carry out the actual audit process in the company. The service provider checks the self-assessment and carries out the usually multi-stage TISAX procedure for the audit.

In the process, interim results can also be presented and subsequent improvements can be checked in follow-up audits on the basis of action plans that have been drawn up. In the case of minor deviations, the auditors may issue a provisional TISAX label. After successful completion, the final TISAX label is awarded, the assessment level of which is based on the previously agreed target. The awarded label is valid for a maximum of three years.

3. exchange:

The audit results and the label are made available by the audit service provider on the ENX exchange platform. The responsible persons of the audited company then decide on the sharing level for publication towards partners. Depending on the level selected, all TISAX participants or only explicitly authorised companies can gain insight.

Differences and Similarities: TISAX Certification vs. ISO 27001

The ISO 27001 standard is a standard for the management of information security in companies that has been further developed for decades. In so-called audits, the conformity with processes in companies is checked. Authorised auditing companies award corresponding certifications, which confirm compliance with the prescribed requirements. The certified companies may also actively advertise their conformity to the international standard ISO-27001.

The TISAX, on the other hand, is a rather closed system. The strong specialisation and the need for protection of trade secrets in the domestic automotive sector mean that a certain degree of encapsulation is necessary. The results of the TISAX testing process may ultimately only be used internally and in exchange with other registered companies. However, since suppliers are also often highly specialised, this need not ultimately be a disadvantage.