Understanding the Requirements of ISO/IEC 27001:2013 and VDA ISA TISAX for Information Security Management Systems

Register for courses 60 days in advance and get 10% off this price.

Register for courses 30 days in advance and get 5% off this price

Note:Pricing is dependent on location and may vary.

Course Duration: 2 Days - 8 Hours/day

Omnex is not presently a VDA licensee. If the VDA auditor “card” is required by a customer for their suppliers’ auditors, attendees should confirm with a licensed provider if they can take the official exam after this course.

This two-day course provides participants with awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA) and illustrates important linkages to the controls and requirements from the information security management systems standard ISO/IEC 27001:2013. The intent of this training is to provide awareness and understanding of the information and asset security management system framework and maturity levels required to achieve the organization’s desired TISAX certification label.

Learning Objectives

  • Understand the application of Information Security Assessment principles, and maturity of controls
  • Relate the Information Security Management system clauses of ISO/IEC 27001:2013 to the organizational information, assets, product designs, services, activities and operational processes
  • Relate organization’s context and interested party needs and expectations to security risk assessment, planning and implementation of an organization’s Information Security Management system

Day One

  • Introduction and Welcome
  • What is TISAX and Why Do We Need an Information Security Management System?
  • Expectations of Interested Parties
  • Introduction to the VDA Information Security Assessment workbook
  • TISAX Requirements - Shoulds, Musts and Shalls
  • Attainment of Maturity Levels
  • A Look at Related ISO/IEC 27001:2013 ISMS Clauses and Requirements
  • Additional (Good to Know) Information for Implementation

Day Two

  • The ISO Standards Explained
  • Introduction to ISO/IEC 27001:2013 and Key Terms from the ISO 27000:2014 - Overview and Vocabulary
  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO 27003:2017
  • Group Exercise: Context of the Organization
  • Group Exercise: Interested Parties
  • Group Exercise: Audit Scenarios
  • Group Exercise : IT Security Controls
  • Understanding ISMS Final Exam

This seminar is designed for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency with TISAX information security assessment (ISA) maturity.

Each participant will receive a seminar companion manual and an electronic copy of the Information Security Assessment workbook which includes specific questions for applying requirements, controls and maturity levels.

An understanding of the ISO/IEC 27001:2013 requirements, controls and/or work experience in applying ISO/IEC 27001:2013, as well as other ISO ISMS standards in the 27000 series is recommended.

Upcoming Training

For Implementation Support