13.11.2023

TISAX: New ISA catalog published by VDA

The German Association of the Automotive Industry (VDA) published the new version 6 of the ISA catalogue on 16 October 2023. This control framework defines the state-of-the-art cyber and information security requirements for suppliers from the perspective of the automotive industry and provides the basis for assessments in accordance with the TISAX® standard.

Besides the change in naming (previous versions were officially called the “VDA ISA Catalogue”; from version 6 the catalogue is called only the “ISA Catalogue”), there are some significant new features in terms of content:

 

New “leading” language version

With version 6 of the ISA catalogue, English will become the leading language version; further language versions such as German, Spanish, French, Italian, Chinese etc. are planned and will be published successively. However, the additional language versions are always translations of the English “master version”, i.e. from now on, the catalogue will only be further developed in the English language version.

 

New assessment objectives / TISAX® labels with the focus

The previous “Info high” and “Info very high” labels were split in terms of availability at the start of 2023. This division has now been consistently continued with regard to confidentiality, so that the following four labels now exist:

  • High availability
  • Confidential
  • Very high availability
  • Strictly confidential

 

5 new controls

To better focus on IT availability and resilience (incl. OT), five new controls on the following topics have been introduced:

  • 3.4 Software approval
  • 6.2 Managing of security events
  • 6.3 Handling of crisis situations
  • 2.8 IT service continuity planning
  • 2.9 Backup and recovery

 

Data protection module

The data protection catalogue for the assessment objectives / TISAX® labels “Data” and “Special data” has been completely revised.

 

References

References to other international standards in the area of cyber and information security have been expanded: the existing references, such as to ISO 27001, have been updated and further references (BSI Grundschutz and NIST Cyber Security Framework V1.1) have been added.

 

Implementation instructions

The “good practice” notes and instructions already available in V5 have been greatly expanded and further developed.

 

Download

The new ISA catalogue has been available for free download as publicly available information on the ENX website at https://www.enx.com/ISA6-EN.xlsx since 16.10.2023.

Timeline

Assessments in accordance with ISA 6 can be performed from 01/01/2024, provided that the TISAX® audit provider already supports this; from 01/04/2024, all new procedures must be performed by all audit providers in accordance with the new catalogue (the cut-off date is the date of engagement). Audits in accordance with ISA 6 can be carried out by CIS on request from 1 January 2024.