The UK technical centres and facilities of Ricardo’s Automotive & Industrial division have achieved Trusted Information Security Assessment Exchange (TISAX) Level 2 accreditation for information security.
TISAX is a programme for assessing the information security systems of companies in the automotive sector. It targets data protection and integrity as well as availability in both in the automotive manufacturing process and during vehicle operation. Behind TISAX stands an information security management system similar to that defined by the International Standard ISO/IEC 27001:2013. Based on this standard, the German Association of the Automotive Industry (VDA) has developed a set of ‘catalogues of requirement’ for the specific needs of the automotive industry.
Information security has always been central to Ricardo’s operations, as the company interacts with clients worldwide, often needing to exchange commercially sensitive and confidential information relating to new product designs and advance technology research projects. This has come into even sharper focus in 2020, however, with the deployment of the company’s ‘Digital First’ strategy which has placed an emphasis on activities such as virtual product design. Digitalisation is driving an increase of data in the design and manufacturing processes. This applies in particular to the automotive industry. TISAX broadens the nature of projects that can be collaborated upon including, for example, where clients can make greater use of Ricardo’s design and manufacturing capabilities.
Ricardo has achieved TISAX assessment Level 2 (Information with High Protection Needs), with expectation to be accredited to Level 3 (Protection of Prototype Parts and Components) during 2021, once it is possible for an on-site physical audit inspection to take place.
“As part of our continuous improvement at Ricardo, we wanted to provide a control environment better matched to the needs of the automotive sector,” commented Ricardo group IT director Simon Campbell. “Given the level of overlap between ISO/IEC 27001:2013 and TISAX, we chose to expand on our existing ISO/IEC 27001:2013 information security management system to incorporate the TISAX framework at our UK automotive sites, including our manufacturing facilities in Shoreham by Sea and Leamington Spa. This allowed us to achieve assessment Level 2 relatively quickly and we look forward to expanding this to TISAX assessment Level 3 in 2021 once travel restrictions and Covid protocols permit on-site audit inspections to resume.”