
Understanding the Requirements of ISO/IEC 27001:2013 and VDA ISA TISAX


Seminar Content

This 1.5 day course provides participants with awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA) and illustrates important linkages to the controls and requirements from the information security management systems standard ISO/IEC 27001:2013. The intent of this training is to provide awareness and understanding of the information and asset security management system framework and maturity levels required to achieve the organization’s desired TISAX certification label.

Who Should Attend

This seminar is designed for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency with TISAX information security assessment (ISA) maturity.

Recommended Training and/or Experience

An understanding of the ISO/IEC 27001:2013 requirements, controls and/or work experience in applying ISO/IEC 27001:2013, as well as other ISO ISMS standards in the 27000 series is recommended.

An understanding of Risk Management for Information Security Management (a whitepaper on this topic is available on the VDA TISAX information portal) is also important.

Seminar Materials

Each participant will receive a seminar companion manual and an electronic copy of the Information Security Assessment workbook which includes specific questions for applying requirements, controls and maturity levels.

Seminar Goals

  • Understand the application of Information Security Assessment principles, and maturity of controls
  • Relate the Information Security Management system clauses of ISO/IEC 27001:2013 to the organizational information, assets, product designs, services, activities and operational processes
  • Relate organization’s context and interested party needs and expectations to security risk assessment, planning and implementation of an organization’s Information Security Management system

Seminar Agenda

Day One

  • The ISO Standards Explained
  • Introduction to ISO/IEC 27001:2013 and Key Terms from the ISO 27000:2014 - Overview and Vocabulary
  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO 27003:2017
    • Group Exercise: Context of the Organization
    • Group Exercise: Interested Parties
    • Group Exercise: Audit Scenarios
    • Group Exercise: IT Security Controls

Day Two

  • What is TISAX and Why Do We Need an Information Security Management System?
  • Expectations of Interested Parties
  • Introduction to the VDA Information Security Assessment workbook
  • TISAX Requirements - Shoulds, Musts and Shalls
  • Attainment of Maturity Levels
  • A Look at Related ISO/IEC 27001:2013 ISMS Clauses and Requirements
  • Additional (Good to Know) Information for Implementation
  • Understanding ISMS Final Exam
