Implementing an Information Security Management System (ISMS) based on TISAX

by Martin Hettwer published on January 10, 2022

Senior Leadership’s determination to integrate an Information security management system within the organization’s business management processes is a business decision and one that is rooted in the real and perceived value of its intellectual property, business information, and technology infrastructure assets.

Once the decision to implement an Information security management system (ISMS) is made, Leadership shall establish a steering committee and provide project resources for a multi-disciplinary team, tasked with the implementation of information security (IS) management system controls intended to manage and protect the organizations IS and Information Technology (IT) (business) assets.

With direction from the Steering Committee, this multi-disciplinary team shall approach the objective of ensuring the integration of the ISMS requirements, controls, and policies into the organization’s business processes; as noted in ISO/IEC 27001:2013 Clause 5.1 c) Leadership and commitment. The control objectives and controls listed in ISO 27001 Annex A (Table A.1) are directly derived from and aligned with those listed in ISO/IEC 27002:2013.

Download this Whitepaper by Martin Hettwer to know more about Implementing Information Security Management System (ISMS) based on TISAX


Martin Hettwer

Martin Hettwer is the Managing Director for Omnex Europe. He is also the Director of Integrated Management Systems, a senior consultant and certified corporate trainer for Omnex Inc. As an Operations and Program (APQP) Manager, he has launched nine (9) new manufacturing and assembly plants, and is a leading SME for new production facility launches. Previously employed by Toyota in their new product development group, Martin focused on gated Program Management for new vehicle and assembly plant launches.