top of page

News & Updates

Sign up to be the first to be informed of our news & updates


Join our mailing list

Never miss an update


What is TISAX?

The automotive industry deals with numerous business-critical assets and confidential data particularly in relation to R&D, design data, technology, and prototypes. In order to systematically safeguard that information, TISAX (Trusted Information Security Assessment Exchange) was developed to help the industry adopt a robust standardised approach to information security management systems and build trust and assurance throughout the supply chain.

The ENX Association, made up of motor manufacturers, suppliers, and national automotive associations, maintains the framework of criteria that defines the required information security management system (ISMS) standards for TISAX. TISAX then enables companies to share their information security assessment results with other participants and potential business partners.

Why get TISAX?

The requirements for TISAX are very closely aligned to ISO/IEC 27001, but also cover additional industry-specific requirements for data protection, supply chain security and prototype protection.

TISAX certification provides assurance that partners are operating to defined standards and best practice, and although not mandatory, it is generally regarded as a precondition to doing business within the European automotive industry.

Therefore, if your company wants to be recognised as a potential supplier or partner for Original Equipment Manufacturers (OEMs) and major car marques, it is essential to go through the TISAX assessment process.

Benefits of TISAX:

· Enables your organisation to systematically secure confidential and business-critical data and effectively manage and mitigate risk.

· Demonstrates your commitment to maintaining best practice security standards and builds confidence and trust in your business.

· Identifies your business as a potential partner throughout the international automotive industry and provides a competitive advantage over companies that do not have the TISAX standard.

· Provides a robust framework to help your organisation manage its regulatory and legal requirements and maintain compliance.

· Delivers efficiencies and promotes easier collaboration between suppliers and manufacturers by eliminating duplication of tasks.

Types of TISAX assessment:

There are 3 basic TISAX Assessment Levels, in addition to optional prototype protection and data protection checks.

· Assessment Level 1: Self-assessment questionnaire.

· Assessment Level 2: Review of self-assessment questionnaire by accredited independent external auditor, remote plausibility check and interview.

· Assessment Level 3: Verification of self-assessment questionnaire by accredited independent external auditor, comprehensive on-site inspection, and interview.

Fortis deliver a wide range of TISAX consultancy services that help organisations to:

· Understand the TISAX assessment requirements, establish which Assessment Level is appropriate for the business and define the scope.

· Carry out a full gap analysis and recommend corrective actions.

· Optimise the existing ISMS to bring it up to the required standard.

· Plan and implement a fully integrated ISMS.

· Ensure ongoing maintenance and assurance of the TISAX framework during the three-year re-certification cycle.

Get in touch to find out more about how we can support your business with TISAX compliance.

4 views0 comments

Updated: Sep 5, 2023

The Cyber Advisor Scheme is a collaboration between the National Cyber Security Centre (NCSC) and IASME to ensure that organisations providing Cyber Essentials consultancy and support meet certain standards of expertise and trustworthiness.

The primary focus of Cyber Advisors is to assist organisations in implementing the five Cyber Essentials Technical Controls. This particular service is referred to as Cyber Advisor (Cyber Essentials) to distinguish it from potential future assured Cyber Advisors who will support small organizations in other areas of cybersecurity.

The adoption of the Cyber Essentials standard stems from the NCSC's recognition of its effectiveness as a fundamental baseline for defending against various commonly encountered cyber attacks, including ransomware attacks.

Cyber Advisors (Cyber Essentials) are well-equipped to help organizations evaluate the disparity between their existing cybersecurity posture and the level achieved by implementing the Cyber Essentials technical controls. This service is tailored specifically for small and medium-sized organisations, and the Advisors have undergone assessments not only to validate their technical expertise but also to ensure their ability to work effectively with small organizations. Fortis Cyber being awarded Cyber Advisor (Cyber Essentials) status means that they have been recognized as a trusted provider of Cyber Essentials consultancy and support. This designation indicates that Fortis Cyber has met the requirements set by the NCSC and IASME and can offer expert advice and guidance regarding Cyber Essentials.

By choosing Fortis Cyber as your provider, you can have confidence that you are in good hands and can expect knowledgeable and reliable assistance in implementing and maintaining Cyber Essentials practices. It's always important to work with reputable and accredited organisations when it comes to cybersecurity, and Fortis Cyber's Cyber Advisor status demonstrates their commitment to delivering high-quality services in this field.

276 views0 comments

Earlier this week (March 2023) Matt our MD was invited along to an event hosted by Red Helix to talk about how to prepare your staff for a cyber attack.

For many organisations it is a case of "when" and not "if", although not all attacks of course are catastrophic. Some however, will leave organisations unable to function as normal, with the worry of bad press and ultimately a loss of revenue. Preparation will equip staff with the confidence and skills to act fast and effectively.

Having robust incident response policies and procedures in place will serve to save you:

⏰ time - the faster you respond and react the quicker the effects can be minimised and normal business can resume

💷 money - minimising damage and disruption to daily business

🌟 loss of reputation - quick robust action will help to maintain client/stakeholder trust

Helping organisations to prepare their team to be ready and confident to deal with cyber attacks is our bread and butter. It does not have to be massively expensive or complicated. Are you ready?

6 views0 comments
bottom of page