
We introduced our Information Security Officer as a Service (ISOaaS) offering to provide greater flexibility that is economically sound for clients. This service provides an experienced Information Security Officer to manage an organisation’s information security and risk management operations on a fractional basis, ensuring all systems and data are secure and compliant with regulatory requirements.


The multiple benefits include:


  • Easy access to specialist advice and industry experience

  • A central point of contact for all information security matters

  • A cost-effective alternative to employing in-house specialists

  • Seamless integration within your existing team

  • Flexible and scalable service

  • Assurance in your information security programme

  • Access to other cyber security professionals via the ISOaaS conduit



The Information Security Officer service is a convenient and cost-effective way for businesses to access industry-leading cyber security knowledge in a flexible and agile manner. A professionally certified and experienced security consultant enables an organisation to benefit from their years of security expertise and delivers clarity, confidence, and certainty for your digital, cyber security and network journey.





Our Information Security Officers hold a number of professional qualifications which include NCSC Certified Cyber Professional, Certified Information Systems Security Professional, Certified Information Security Manager, and ISO/IEC 27001 audit/implementor.


Fortis delivers expert guidance and best practice advice via our team of highly experienced and qualified security professionals who support clients to accelerate, shape and deliver a coordinated information security programme and manage business security risk.


"We have been delighted with the exceptional service provided through Fortis’ Information Security Officer as a Service (ISOaaS). The firm’s wealth of knowledge, security assessment capabilities, and customer-centric approach have been invaluable."


Mike Powell, CEO, Rapid Addition.




The EU has introduced a new regulation aimed at bolstering the digital operational resilience of financial entities operating within its borders. Known as the Digital Operational Resilience Act (DORA), this comprehensive framework establishes a set of rigorous information security and operational resilience requirements that financial firms must adhere to.


At its core, DORA mandates that financial institutions implement robust risk management frameworks, governance policies, and security strategies to identify, assess, and mitigate risks associated with their information and communication technology (ICT) systems. This includes conducting regular independent audits, implementing incident response and business continuity plans, and monitoring and testing ICT systems and security controls.


One of the key focus areas of DORA is third-party risk management. Financial entities must have a robust framework in place to identify, assess, and manage risks associated with their third-party service providers, ensuring that their partners adhere to the same high standards of digital operational resilience.


Additionally, DORA sets specific requirements for the use of cryptographic techniques, endpoint device security, and information sharing among financial institutions and regulatory authorities. Firms must also conduct regular digital operational resilience testing, including scenario-based testing and threat intelligence gathering, to assess their ability to withstand and recover from potential cyber threats and operational disruptions.


By establishing these comprehensive information security and operational resilience requirements, DORA aims to enhance the overall digital resilience of the financial sector in the European Union, safeguarding financial institutions and their customers from the ever-evolving cyber threats and operational risks that can disrupt critical financial services.


As financial firms navigate the complexities of DORA implementation, they must prioritise the development of robust governance frameworks, risk management strategies, and operational resilience capabilities to ensure compliance and protect their digital assets and operations from potential threats.


Fortis Cyber has the skillset and expertise to support organisations in getting ready for compliance. Time flies, and this regulation comes into effect in January 2025, so get your ducks in a row now.


What is TISAX?


The automotive industry deals with numerous business-critical assets and confidential data particularly in relation to R&D, design data, technology, and prototypes. In order to systematically safeguard that information, TISAX (Trusted Information Security Assessment Exchange) was developed to help the industry adopt a robust standardised approach to information security management systems and build trust and assurance throughout the supply chain.


The ENX Association, made up of motor manufacturers, suppliers, and national automotive associations, maintains the framework of criteria that defines the required information security management system (ISMS) standards for TISAX. TISAX then enables companies to share their information security assessment results with other participants and potential business partners.





Why get TISAX?


The requirements for TISAX are very closely aligned to ISO/IEC 27001, but also cover additional industry-specific requirements for data protection, supply chain security and prototype protection.

TISAX certification provides assurance that partners are operating to defined standards and best practice, and although not mandatory, it is generally regarded as a precondition to doing business within the European automotive industry.


Therefore, if your company wants to be recognised as a potential supplier or partner for Original Equipment Manufacturers (OEMs) and major car marques, it is essential to go through the TISAX assessment process.


Benefits of TISAX:


· Enables your organisation to systematically secure confidential and business-critical data and effectively manage and mitigate risk.

· Demonstrates your commitment to maintaining best practice security standards and builds confidence and trust in your business.

· Identifies your business as a potential partner throughout the international automotive industry and provides a competitive advantage over companies that do not have the TISAX standard.

· Provides a robust framework to help your organisation manage its regulatory and legal requirements and maintain compliance.

· Delivers efficiencies and promotes easier collaboration between suppliers and manufacturers by eliminating duplication of tasks.


Types of TISAX assessment:


There are 3 basic TISAX Assessment Levels, in addition to optional prototype protection and data protection checks.


· Assessment Level 1: Self-assessment questionnaire.

· Assessment Level 2: Review of self-assessment questionnaire by accredited independent external auditor, remote plausibility check and interview.

· Assessment Level 3: Verification of self-assessment questionnaire by accredited independent external auditor, comprehensive on-site inspection, and interview.


Fortis delivers a wide range of TISAX consultancy services that help organisations to:


· Understand the TISAX assessment requirements, establish which Assessment Level is appropriate for the business and define the scope.

· Carry out a full gap analysis and recommend corrective actions.

· Optimise the existing ISMS to bring it up to the required standard.

· Plan and implement a fully integrated ISMS.

· Ensure ongoing maintenance and assurance of the TISAX framework during the three-year re-certification cycle.


Get in touch to find out more about how we can support your business with TISAX compliance.
