Safety and Standards

Information Security

Information protection and risk management: Security requirements in the automotive industry / ISO 2700x

Information security requirements

Protecting business processes and information, sometimes under difficult conditions, is a key task for corporate management. To date no standard requirements have been drawn up for protection measures.

Increasing corporate globalization brings additional demands. When business processes are networked beyond company borders, a similar level of protection is required for all those involved.

In the automotive industry in particular, such networking not only offers a large number of opportunities but also makes users more vulnerable and more susceptible to both external and internal threats.



Based on the previous Version 3.0.2 from January 2017, the catalog has been developed further and now contains additional controls for the use of cloud services/cloud service providers. The description of the maturity level model has also been revised and the requirements for maturity level 1 have been reworded and clustered accordingly. The current Version 4.0.3 of the document, dated February 15, 2018, is now available in German and English.

Based on the results of the Working Group “Information Security,” the VDA has recommended that its members bring their information protection into line with the international standard ISO 2700x (formerly BS 7799).

The VDA supports its member companies in this process of alignment, with the documents “Communiqué on Information Protection” and the “Information Security Assessment” (see Further Information).




