Implementation of an information security management system according to DIN ISO 27001/TISAX

An information security management system (ISMS) defines the organisational structure, responsibilities, processes, procedures and resources, as well as the technical and organisational measures, by which a company protects the confidentiality, integrity and availability of its information.

What is TISAX?

TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism built on the VDA ISA catalogue. The VDA ISA catalogue in turn is based on DIN ISO 27001, with industry-specific extensions for the automotive industry.

Service providers and suppliers to the automotive industry are increasingly required by their customers to undergo a TISAX assessment. By sharing the assessment result on the TISAX exchange platform, you demonstrate a reliable level of information security and avoid repeated individual audits by each customer.

VISTRA has experience from approx. 1000 projects in the automotive and supplier industry, implements ISO 27001 and TISAX, and provides information security officers and data protection officers. We also help to obtain funding for these measures.

Benefits of an information security management system for your company:

  • Protection of company-specific know-how
  • Technical measures for information security and data protection that correspond to the state of the art
  • Certification can also be used as a marketing tool
  • Risk assessment directs investment in protective measures to where it is actually needed
  • Higher quality of information security while saving cost and time
  • Compliance with customer requirements (e.g. automotive, railway, medical, aerospace)

VISTRA Ingenieurbüro is a leading service provider in this sector with over 500 successfully implemented management system projects. Since 1994, VISTRA has supported companies in all industries in the introduction and certification of management systems, including information security according to DIN ISO 27001. With more than 50 successful management system projects annually, we have secured and improved the market position of our customers. The optional use of databases, e.g. for intranet-based management systems (manuals, process modellers), is one of many effective tools that we have developed for our customers based on many years of experience.

Project Approach

VISTRA's goal is to set up practice-oriented management systems with a high benefit for the customer.

The project approach is straightforward. Starting with a short inventory, the requirements of the standard that are not yet fulfilled are identified.

The recorded processes are examined for optimisation potential and for conformance with the standard. In working groups, the target processes are modelled together and the corresponding documentation is created.

The implementation of the revised processes and measures is accompanied and monitored by VISTRA.

State Analysis

The state analysis is performed using the delta matrix, which compares the requirements of ISO 9001 with those of ISO 27001/TISAX. An information security quick check is carried out. The existing management system (implementation, manual, processes, instructions, forms, templates) is analysed and measures are proposed for the additional requirements (deltas).

The kick-off event trains the management and/or the workforce on the forthcoming project "Development of the information security management system according to 27001/TISAX".
During or after the kick-off event, appointments are made with those responsible to discuss the measures to be implemented and the necessary adjustments to the process documentation. This produces the project schedule.

Information security programme, training courses

The main work in the project is done in the meetings with the responsible persons.
Training is provided on the area- or process-specific deltas (additional requirements) of ISO 27001. Implementation examples from similar projects are then shown in the form of documents (processes, instructions, forms, videos, etc.).
This input is used to develop a concept for the company's own implementation, and the necessary process documentation is jointly created or adapted during the design phase. Our entire database of patterns and templates is available, including processes, tools and forms for risk management, stakeholder analysis, key performance indicator cockpit, knowledge management, reliability and resource management.
This is usually done in one or more sessions in order to combine method training, implementation and creation of the necessary documentation. The documentation can be created directly in the company's own intranet solution or in a VISTRA intranet solution.


The employees working in the affected processes are trained on the process changes and the applicable documentation is explained to them. During the implementation period, the roll-out of the developed processes and measures is monitored. Any further necessary adjustments are made, and the employees are supported in the implementation.

Project controlling

Finally, an internal audit is carried out by an approved auditor to verify that the management system is ready for certification or for the TISAX assessment, and any necessary improvement measures are initiated.
