DERUUA
Implementation of VDA ISA and ENX TISAX®

Implement the VDA ISA security standard, pass the ENX TISAX® audit, and get new opportunities in the automotive industry.


Andrew Buldyzhov, CIO

ENX TISAX® Implementation

Scope definition is crucial for VDA ISA and ENX TISAX®. Any mistake at this stage can lead to excessive implementation and maintenance work or to problems with the certification. In addition, we perform the initial prioritization of tasks, so that you get the most important security measures in place as soon as possible. We perform this stage for you free of charge. When you are sure that you are interested in working with us further, we will send you a commercial offer and sign a service agreement.
This stage usually takes 3 to 4 weeks, depending on the scope. We interview your employees, verify documents, assess physical security and the perimeter, etc. This stage includes an analysis of the current state of the processes and information security management controls, business processes and technological processes; analysis of the physical security of the premises, personnel, IT infrastructure, etc. The outcome of this stage is an initial audit report, gap analysis and a detailed schedule for the implementation of the VDA ISA controls.
This stage is usually performed within 4 to 9 months, depending on the scope, initial state, requirements and the results of the previous stage. We perform: building and automation of the ISMS using the appropriate GRC tools; implementation of basic security management processes (incident management, change management, etc.); implementation of the necessary basic security measures and controls; implementation of the basic SDLC elements; training for employees in security policies and rules; development and calculation of KPIs. The result of this phase is not just a set of documents and records that correspond to your actual processes, but also a new security culture within your organization and the highest degree of readiness for official certification.
The certification process usually lasts 1-3 months, depending on the approved scope. During this stage, we will select the certification body, perform a pre-audit, make the necessary corrections and conduct the certification audit. During the audit, we represent you and show what we have built for you. After that, the auditor analyzes the results, collects the evidence and produces the final report. Finally, you get the ENX TISAX® certificate, become officially compliant and can proudly share the assessment results with your clients through the ENX portal.

Support and Managed Compliance

Staff Training
Monthly or quarterly training of all employees at all locations. The training takes 1 hour and can be held for various categories of employees (general staff, software developers, system administrators, HR, etc.).

Source Code Security Audit
All software source code, including scripts, must be analyzed to prevent accidental or intentional vulnerabilities. We are highly competent in application security, so we perform the security analysis of source code with the highest quality.

Situational Risk Analysis
Many security risks cannot be foreseen, since the organization's infrastructure and environment change. New partners, services and interfaces appear. New vulnerabilities are emerging in open and proprietary applications. Therefore, situational risk analysis is needed.

Monitoring of Security Systems
Network firewalls, web application firewalls, VPN, NAC, Intrusion Detection Systems (IDS/IPS, NIDS/NIPS), integrity monitoring systems, DLP (Data Leakage Protection) systems, Identity and Access Management (IAM) systems, SIEM systems, etc. Such systems require regular monitoring.

Support for Security Policies and Procedures
Regulatory and operational security documents require continuous improvement. This is necessary to increase the organization's security, but it can also make day-to-day work more inconvenient. We will keep the balance between these opposing factors.

Incident Management
Unfortunately, even with the most advanced security management system, security incidents can occur. It is necessary to identify incidents in good time and respond to them correctly. We have extensive practical experience not only in eliminating the consequences of incidents but also in cyber-forensics, that is, in the prosecution and punishment of cybercriminals.

Vulnerability Scan and Pentest
The most practical method of security management is to simulate the actions of computer criminals and other malicious actors and to test the strength of systems and people to get a true understanding of security. We are the leaders in penetration testing and provide the highest quality for this type of security assessment.

GRC Reporting Support
GRC tools (Governance, Risk management, and Compliance) require constant attention and development to ensure continuous compliance with security requirements, to carry out risk management at all levels and to receive convenient reports on the current security status of the organization at a strategic level.

Regular Reporting to Senior Management
Monthly or quarterly reports to senior management on security incidents, if any, as well as on the general status and progress of information security.


News and recommendations

  • Read our case study on the implementation of ENX TISAX® in a company that develops automotive systems. We are proud that we have completed one of the first ENX TISAX® implementation projects in Eastern Europe. After that, we used our experience to deliver other ENX TISAX® projects. We were the first and remain the best!
  • We recommend VDA ISA and ENX TISAX® Compliance Assessment Online Wizard for you. Spend 30 minutes to check the extent to which your company complies with VDA ISA and ENX TISAX®, and also how much time you need to achieve full compliance and certification.
  • Consider our assistance in the implementation of ISO/IEC 27001, ISO/IEC 27002, ISO/TS 16949, ASPICE (Automotive Software Process Improvement and Capability dEtermination) and GDPR (General Data Protection Regulation) compliance. Fill in the form below to get a free consultation.


Consultation

E-mail: [email protected].
Phone, Telegram, Viber, WhatsApp: +380958860891.


Our certificates:

(ISC)2
CISSP
Offensive Security
OSCP
ISACA
CISA
CISM
Microsoft
PECB
LPTP
Qualys
BSI