Was Sie hier sehen: Einen Abgleich der Anforderungen, ausgehend von Anhang A der ISO 27001. In der linken Spalte sehen Sie die Anforderungen des Anhang A, in der rechten Spalte sehen Sie die themenverwandten Controls aus VDA® ISA. Beachten Sie, dass die Anforderungen aus VDA® ISA in den meisten Fällen umfangreicher sind als die der ISO 27001. Ein erfülltes Control des Anhang A bedeutet daher noch keine vollständige Konformität mit dem themenverwandten Control das VDA® ISA - Kataloges.
Was Sie hier nicht sehen: Sie sehen keine vollständige Auflistung der Controls aus VDA® ISA - es gibt Controls in VDA® ISA, die nicht im Anhang A der ISO 27001 enthalten sind.
What you see here: A comparison of the requirements (mapping table), starting from Annex A of ISO 27001. In the left column you see the requirements of Annex A, in the right column you see the related controls from VDA® ISA. Please note that the requirements of VDA® ISA are in most cases more extensive than those of ISO 27001. A fulfilled control in Appendix A therefore does not mean complete conformity with the related control in the VDA® ISA catalog.
What you don't see here: You don't see a complete list of controls from VDA® ISA - there are controls in VDA® ISA that are not included in Annex A of ISO 27001.
| ISO 27001:2022 Control | VDA® ISA 5.1 (TISAX®) Control |
|---|---|
| 5.1 Policies for information security | 1.1.1 |
| 5.2 Information security roles and responsibilities | 1.2.2 |
| 5.3 Segregation of duties | 1.2.2 |
| 5.4 Management responsibilities | 1.2.1 / 2.1.3 |
| 5.5 Contact with authorities | --- |
| 5.6 Contact with special interest groups | --- |
| 5.7 Threat intelligence | --- |
| 5.8 Information security in project | 1.2.3 |
| 5.9 Inventory of information and other associated assets | 1.3.1 |
| 5.10 Acceptable use of information and other associated assets | 1.3.2 / 3.1.3 |
| 5.11 Return of assets | 3.1.3 |
| 5.12 Classification of information | 1.3.2 |
| 5.13 Labelling of information | 1.3.2 |
| 5.14 Information transfer | 1.3.2 / 5.1.2 / 6.1.2 |
| 5.15 Access control | 3.1.1 / 4.1.1 / 4.1.2 |
| 5.16 Identity management | 4.1.3 |
| 5.17 Authentication information | 4.1.3 / 4.2.1 |
| 5.18 Access rights | 4.1.3 / 4.2.1 |
| 5.19 Information security in supplier relationships | 6.1.1 |
| 5.20 Addressing information security within supplier agreements | 6.1.2 |
| 5.21 Managing information security in the information and communication technology (ICT) supply chain | 6.1.1 / 6.1.2 |
| 5.22 Monitoring, review and change management of supplier services | 6.1.1 |
| 5.23 Information security for use of cloud services | 1.2.4 / 5.3.3 / 5.3.4 |
| 5.24 Information security incident management planning and preparation | 1.6.1 |
| 5.25 Assessment and decision on information security events | 1.6.1 |
| 5.26 Response to information security incidents | 1.6.1 |
| 5.27 Learning from information security incidents | 1.6.1 |
| 5.28 Collection of evidence | 1.6.1 |
| 5.29 Information security during disruption | 3.1.2 |
| ISO 27001:2022 Control | VDA® ISA 5.1 (TISAX®) Control |
|---|---|
| 5.30 ICT readiness for business continuity | 3.1.2 |
| 5.31 Legal, statutory, regulatory and contractual requirements | 5.1.1 / 7.1.1 |
| 5.32 Intellectual property rights | 7.1.1 |
| 5.33 Protection of records | 7.1.1 |
| 5.34 Privacy and protection of personal identifiable information (PII) | 7.1.1 / 7.1.2 |
| 5.35 Independent review of information security | 1.5.2 |
| 5.36 Compliance with policies, rules and standards for information security | 1.5.1 |
| 5.37 Documented operating procedures | 1.1.1 |
| 6.1 Screening | 2.1.1 |
| 6.2 Terms and conditions of employment | 2.1.2 |
| 6.3 Information security awareness, education and training | 2.1.3 |
| 6.4 Disciplinary process | 2.1.2 |
| 6.5 Responsibilities after termination or change of employment | 2.1.2 |
| 6.6 Confidentiality or non-disclosure agreements | 2.1.2 / 6.1.2 |
| 6.7 Remote working | 2.1.4 |
| 6.8 Information security event reporting | 1.6.1 |
| 7.1 Physical security perimeters | 3.1.1 |
| 7.2 Physical entry | 3.1.1 |
| 7.3 Securing offices, rooms and facilities | 3.1.1 |
| 7.4 Physical security monitoring | 3.1.1 |
| 7.5 Protecting against physical and environmental threats | 3.1.2 |
| 7.6 Working in secure areas | 3.1.1 |
| 7.7 Clear desk and clear screen | 1.1.1 / 3.1.1 |
| 7.8 Equipment siting and protection | --- |
| 7.9 Security of assets off-premises | 2.1.4 / 3.1.4 |
| 7.10 Storage media | 3.1.3 |
| 7.11 Supporting utilities | --- |
| 7.12 Cabling security | --- |
| 7.13 Equipment maintenance | --- |
| ISO 27001:2022 Control | VDA® ISA 5.1 (TISAX®) Control |
|---|---|
| 7.14 Secure disposal or re-use of equipment | 3.1.3 |
| 8.1 User end point devices | 5.2.3 |
| 8.2 Privileged access rights | 4.1.3 / 4.2.1 |
| 8.3 Information access restriction | 1.3.2 / 4.1.2 |
| 8.4 Access to source code | --- |
| 8.5 Secure authentication | 4.1.2 |
| 8.6 Capacity management | --- |
| 8.7 Protection against malware | 5.2.3 |
| 8.8 Management of technical vulnerabilities | 5.2.5 |
| 8.9 Configuration management | 1.3.3 |
| 8.10 Information deletion | 1.3.2 / 5.1.1 / 5.3.1 |
| 8.11 Data masking | --- |
| 8.12 Data leakage prevention | --- |
| 8.13 Information backup | 3.1.2 |
| 8.14 Redundancy of information processing facilities | 3.1.2 |
| 8.15 Logging | 5.2.4 |
| 8.16 Monitoring activities | 5.2.4 |
| 8.17 Clock synchronization | --- |
| 8.18 Use of privileged utility programs | --- |
| 8.19 Installation of software on operational systems | 5.2.5 |
| 8.20 Networks security | 5.2.7 |
| 8.21 Security of network services | 5.2.7 / 5.3.2 |
| 8.22 Segregation of networks | 5.2.7 |
| 8.23 Web filtering | 1.3.3 |
| 8.24 Use of cryptography | 5.1.1 / 5.1.2 |
| 8.25 Secure development life cycle | 5.2.2 |
| 8.26 Application security requirements | 5.2.1 |
| 8.27 Secure system architecture and engineering principles | 5.3.1 |
| 8.28 Secure coding | 5.3.1 |
| ISO 27001:2022 Control | VDA® ISA 5.1 (TISAX®) Control |
|---|---|
| 8.29 Security testing in development and acceptance | 5.3.1 |
| 8.30 Outsourced development | 5.2.2 / 5.3.1 |
| 8.31 Separation of development, test and production environments | 5.2.2 |
| 8.32 Change management | 5.2.1 |
| 8.33 Test information | 5.2.1 |
| 8.34 Protection of information systems during audit testing | 5.2.6 |
Hier finden Sie demnächst weitere Normenvergleiche!
Soon you will find additional mapping tables!