The BAYOOSOFT Access Manager

A key part for TISAX® Certification in the Automotive Sector

Digitalization and wide-ranging supply chains demand a particularly high level of data security in the automotive industry.

The TISAX^® test and exchange standard is a questionnaire based on the ISO 27001 Norm. The Association of the Automotive Industry (VDA) established the working group “Information Security” in 2003. Experts in the automotive industry work together to develop common standards based on international norms to recommend appropriate protective measures.

The rating of the company to be certified will be determined via a questionnaire of 52 security topics (Controls). The so-called maturity model is divided into 5 stages.

TISAX^® Company Valuation according to Maturity Model

Stufe 0 – Controls incomplete	Stufe 1 – Controls passed	Stufe 2 – Controls regulated
Stufe 3 – Controls established	Stufe 4 – Controls predictable	Stufe 5 – Controls optimizing

The VDA questionnaire Vers. 4. 1. 1 has to be processed as a self-assessment. All points where no maturity level of at least 3.0 including publication of documentation and evidence is achieved, must be revised and implemented.

The main evaluation criteria are information security, data protection and prototype protection. The certification is accompanied by an audit service provider specified from the VDA and accredited by the authorized ENX Association.

Under the heading, Information Security, you will find Chapter 9 “Access Control. ” The questions, requirements and objectives mentioned there let the implementation of relevant technical solutions become an essential part. The BAYOOSOFT Access Manager supports you to answer the following TISAX^®/VDA relevant questions.

9.1 How far are regulations and processes regarding user access to network services, IT systems and applications available?

The BAYOOSOFT Permission Audit provides a tool-based analysis of the current permission situation on your fileserver.

Due to the automated permission management on file servers, SharePoint as well as applications and 3rd party systems, managed via Active Directory, you have an overview of „Who has where access rights“ for the current day or a reference day in the past.

9.2 In what manner are registration procedures, user modification or deletion implemented and is the handling of credentials confidential?

The creation or deactivation of employee accounts in the Active Directory is regularly triggered by personnel and structural changes. In addition, the permission situation in the various IT systems must be adjusted on a fine granular level.

Identity Management enables you to standardize and automate those tasks. By optimizing entire process chains, the use of resources and error rates are significantly reduced, and traceability is created to meet central regulatory requirements.

9.3 In what way is a binding policy for the creation and handling of credentials established?

The secure generation of random passwords and distribution to different destination systems is possible with the Access Manager Password Reset. At the same time, the self-service tool allows employees to restore forgotten passwords – without engagement of the help desk and in compliance with legal requirements of the German Data Protection Act and the EU GDPR.

[Source: VDA-ISA_DE_4-1-1_2019-05-29]

The TISAX^® request behind these questions is the need of a reporting ensuring an audit proven documentation.

All activities performed with the Access Manager are logged and can be reviewed by authorized individuals at any time.

The audit functionality allows you to track at any time exactly which changes were made when and by whom for which resource. You will regain full control over the activities in your systems. You also see whether unwanted permissions have been granted or withdrawn in the file system which you have not authorized.

This core function of the Access Manager ensures an audit proven documentation regarding your internal company regulations, contractual agreements and legal requirements in the area of file access authorizations.

Thanks to the transparency and complete traceability, the subject of access control will certainly be rated positively within the TISAX^® certification.

The BAYOOSOFT Access Manager ensures that the TISAX^® recertification required after 3 years will be child’s play.

It is time to become a “TISAX^®-ready” company.

Be prepared for TISAX®! In our short online webinar, we will show you the answer to all VDA questions regarding access control.

Note

We are currently experiencing problems with our forms. If you receive an error message, please send an email with your request directly to [email protected]

A key part for TISAX® Certification in the Automotive Sector

TISAX^® Company Valuation according to Maturity Model

It is time to become a “TISAX^®-ready” company.

Be prepared for TISAX®! In our short online webinar, we will show you the answer to all VDA questions regarding access control.

Next Events

News

A key part for TISAX® Certification in the Automotive Sector

TISAX® Company Valuation according to Maturity Model

It is time to become a “TISAX® -ready” company.

Be prepared for TISAX®! In our short online webinar, we will show you the answer to all VDA questions regarding access control.

Next Events

News

TISAX^® Company Valuation according to Maturity Model

It is time to become a “TISAX^®-ready” company.