TISAX and ISO/IEC 27001:2022 - Cybersecurity for the Automotive Industry

In October 2022, the ISO/IEC released the third edition of the newly titled International Standard ISO/IEC 27001:2022 named, Information Security, Cybersecurity, and Privacy Protection – Information security management systems – Requirements. According to ISO 27001 clause 4.3, the organization shall determine the boundaries and applicability of the Information Security Management System (ISMS) to determine and document its scope. Just like a formal project scope statement, the organization must define everything that is inside its ISMS scope and those activities and controls that are out of scope. ISMS implementation teams must complete a gap assessment to the requirements of this standard and prepare a Statement of Applicability (SoA) to capture all activities that it does and owns, as well as justification for those controls that do not apply to its current business model. Read this article to know more. 

Omnex SMEs (Subject Matter Experts) are well positioned to assist your Information Security implementation teams and ISMS process owners to achieve their project objectives. Please reach out to us for a free scoping discussion.

Author

Martin Hettwer

Martin Hettwer is the Managing Director for Omnex Europe. He is also the Director of Integrated Management Systems, a senior consultant and certified corporate trainer for Omnex Inc. As an Operations and Program (APQP) Manager, he has launched nine (9) new manufacturing and assembly plants, and is a leading SME for new production facility launches. Previously employed by Toyota in their new product development group, Martin focused on gated Program Management for new vehicle and assembly plant launches.