Nexus gains new security accreditation – highest level of InfoSec for Automotive Industry
When it comes to information security, our customers and partners have high expectations. Meeting these requirements is one of our most important concerns, which is why we recently had Nexus* audited for ISO 27001:2013 Information Security Management Systems certification, and we have now taken a similar step forward with our information security compliance for the automotive segment. Information security is our top priority and Nexus* is proud to announce the completion of the highest protection level of TISAX certification (Assessment level 3 – information with very high protection level).
Nexus and TISAX
European automotive companies rely on trust to develop, build, and operate new vehicles. They use the Trusted Information Security Assessment Exchange (TISAX) to provide an aligned information security assessment. An independent accredited auditor, TÜV SÜD, completed the TISAX assessment of Nexus*.
“We continue to strive for the highest international standards and these latest achievements provide clear evidence of the ongoing expansion of our operations as an identity company in line with Nexus strategy to provide large scale infrastructure services,” says Magnus Malmström, CEO of Nexus.
Nexus* has already been certified according to the ISO 27001:2013 standard by the accredited certification company RISE (Research Institutes of Sweden AB). “TISAX and ISO 27001 are very similar, and one of the most important concepts of TISAX, the maturity levels, is compatible with ISO 27001, and can help us to improve our information security management system at Nexus*. TISAX and ISO 27001 help us to improve our organization and operations as a supplier in the identity industry,” says Haifa Totangy, Chief Security Officer of Nexus.
To help secure the ever-increasing connectivity in the automotive industry, the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA) developed a catalog of criteria for assessing information security. The VDA Information Security Assessment (German and English) is based on the fundamentals of the international ISO/IEC 27001 and 27002 standards adapted to the automotive industry. In 2017, it was updated to cover controls for the use of cloud services.
VDA member companies used this instrument both for internal security assessments and for assessments of suppliers, service providers, and other partners that process sensitive information on their behalf. However, because each company handled these evaluations individually, the process burdened partners and duplicated effort among VDA members.
To help streamline evaluations, the VDA set up a common assessment and exchange mechanism, the Trusted Information Security Assessment Exchange (TISAX). The catalogue of underlying TISAX requirements, Questionnaire for Checking Information Security Assessment and Information Security Management, Vers. 4 (German and English), provides common standards for IT security measures, and enables companies registered in TISAX to share assessment results. The VDA entrusted a neutral third party, the ENX Association, with TISAX implementation. In that capacity, it accredits auditors, maintains the accreditation criteria and assessment requirements, and monitors the quality of implementation and assessment results.
*Technology Nexus Secured Business Solutions AB