Understanding the Requirements of ISO/IEC 27001:2022 and VDA ISA TISAX

Register for courses 60 days in advance and get 10% off this price.

Register for courses 30 days in advance and get 5% off this price

Note:Pricing is dependent on location and may vary.

Course Duration: 2 Days - 8 Hours/day

This 2.5 day course provides participants with awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA) and illustrates important linkages to the controls and requirements from the information security management systems standard ISO/IEC 27001:2022. The intent of this training is to provide awareness and understanding of the information and asset security management system framework and maturity levels required to achieve the organization’s desired TISAX certification label.

Learning Objectives

· Understand the application of Information Security Assessment principles, and maturity of controls

· Relate the Information Security Management system clauses of ISO/IEC 27001:2013 to the organizational information, assets, product designs, services, activities and operational processes

· Relate organization’s context and interested party needs and expectations to security risk assessment, planning and implementation of an organization’s Information Security Management system

Day One

· TISAX: Trusted Information Security Assessment Exchange

o Roles Within TISAX

o Assessment Model: Simplified Group Assessment

o Assessment Methodology

o Maturity Model

· VDA ISA TISAX and ISO/IEC 27001 Compared

o ISO/IEC 27001:2022 Annex A

o TISAX Overlap with ISO/IEC 27001:2022

o TISAX Additional Controls not in ISO/IEC 27001

· TISAX Controls

o Information Security Controls

o Prototype Protection Controls

o Data Protection Controls

· TISAX Measurement and Analysis

o Group Exercise: TISAX Measurement & Analysis

Day Two

· Fundamentals of Information Security Management Systems (ISMS)

o Information Security

o What is an Information Security Management System (ISMS)?

o The ISO/IEC 270000 Fundamentals and Vocabulary

o The ISO/IEC 270001 ISMS Described

· ISO/IEC 27001:2022 Requirements Descriptions

o ISO/IEC 27001:2022 Clauses

o Annex A

o The Process Approach

· Risk-based Thinking

o ISMS Risks

o ISMS Risk Assessment

o ISMS Risk Treatment

· ISO/IEC 27001 Clause 4 – Context of the Organization

o Group Exercise 1: Context of the Organization

Day Three

· ISO/IEC 27001 Clause 5 – Leadership

· ISO/IEC 27001 Clause 6 – Planning

o Group Exercise 2: Assessing and Evaluating Risk

o Group Exercise 3: Audit Scenarios

· ISO/IEC 27001 Clause 7 – Support

· ISO/IEC 27001 Clause 8 – Operation

o Group Exercise 4: Audit Scenarios

· ISO/IEC 27001 Clause 9 – Performance Evaluation

· ISO/IEC 27001 Clause 10 – Improvement

· ISO/IEC 27001 Annex A

o Group Exercise 5: Audit Scenarios

· Understanding ISMS Final Exam

This seminar is designed for Information Security Assurance Managers, ISO/IEC 27001:2022 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency with TISAX information security assessment (ISA) maturity.

Each participant will receive a seminar companion manual and an electronic copy of the Information Security Assessment workbook which includes specific questions for applying requirements, controls and maturity levels.

An understanding of the ISO/IEC 27001:2022 requirements, controls and/or work experience in applying ISO/IEC 27001:2022, as well as other ISO ISMS standards in the 27000 series is recommended.

An understanding of Risk Management for Information Security Management – there is a whitepaper available on the VDA TISAX information portal – is also important

Upcoming Training

For Implementation Support