VDA Information Security Assessment: version 4.1.0 now available
In 2005 the VDA issued a recommendation for information security requirements at companies in the automotive industry. To support the member companies a catalog of questions was developed to guide those familiarizing themselves with the topics of ISO/IEC 27001 and ISO/IEC 27002.
Based on the previous version 4.0.4 from June 2018, the catalog has now been reworded and the requirements are described in more detail. The current version 4.1.0 of the document, dated December 13, 2018, is now available in German and English.
The “Prototype protection” module has been revised and now follows the same structure as the main catalog. The “Connections to third parties” module describes the specific requirements to be considered when space is rented by suppliers or service providers and a connection to the network of the other company is to be established on the premises. The “Data protection” module applies when service providers are mandated to process information in the meaning of Art. 28 of the European General Data Protection Regulation (GDPR).
The revised catalog will be valid from January 1, 2019. In justified exceptional cases the previous catalog may continue to be used for a transitionary period up to June 30, 2019. The additional modules mentioned above supersede all company-specific “special catalogs” stipulating other requirements.
The VDA provides the documents “Information security recommendation” and the “Information Security Assessment” to support its member companies in this process of alignment (see “Further information”).