ISO/IEC 27001:2022 & VDA ISA TISAX Internal Auditor Training Live-Online (4-Day)
This two-day course provides participants with awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA) and illustrates important linkages to the controls and requirements from the information security management systems
standard ISO/IEC 27001:2013. The intent of this training is to provide awareness and understanding of the information and asset security management system framework and maturity levels required to achieve the organization’s desired TISAX certification label.
- Understand the application of Information Security Assessment principles, and maturity of controls
- Relate the Information Security Management system clauses of ISO/IEC 27001:2013 to the organizational information, assets, product designs, services, activities and operational processes
- Relate organization’s context and interested party needs and expectations to security risk assessment, planning and implementation of an organization’s Information Security Management system
An understanding of the ISO/IEC 27001:2013 requirements, controls and/or work experience in applying ISO/IEC 27001:2013, as well as other ISO ISMS standards in the 27000 series is recommended. An understanding of Risk Management for Information Security Management – there is a whitepaper available on the VDA TISAX information portal – is also important
- Introduction and Welcome
- What is TISAX and Why Do We Need Information Security Management System
- Expectations of Interested Parties
- Introduction to the VDA Information Security Assessment workbook
- TISAX Requirements – Shoulds, Musts and Shalls
- Attainment of Maturity Levels
- A Look at Related ISO/IEC 27001:2013 ISMS Clauses and Requirements
- Additional (Good to Know) Information for Implementation
- The ISO Standards Explained
- Introduction to ISO/IEC 27001:2013 and Key Terms from the ISO 27000:2014 – Overview and Vocabulary
- ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO 27003:2017
- Group Exercise:
- Context of the Organization
- Group Exercise: Interested Parties
- Group Exercise: Audit Scenarios
- Group Exercise : IT Security Controls
- Understanding ISMS Final Exam