Changelog

Release 2021-09

Added

  • AddedNew document: VDA® ISA 5.0.4_EN_prefilled - Prefilled catalogue with implementation description and reference documents
  • AddedNew document: Visitor handout - Handout with relevant informations for visiting the location
  • AddedNew document: Interested parties

Fixed

Updated

  • UpdatedAccess policy: With expanded table under 2.1 to include burglary prevention
  • UpdatedAccess policy: With new information box
  • UpdatedAction plan: 4 new measures have been added among the examples 44 – 47
  • UpdatedAppointment information security officer: With improved terminology
  • UpdatedAudit program (2021-2023): With optimised table for better readability
  • UpdatedAudit protocol: Now with extended audit summary
  • UpdatedAudit protocol: Now with more questions in the VDA® ISA Trail
  • UpdatedContract addendum information security and confidentiality statement (NDA): With clear reference to duration of confidentiality agreement beyond employment relationship
  • UpdatedCryptography policy: Emergency process for the recovery of key material added
  • UpdatedDevelopment policy: Improved terminology
  • UpdatedEmergency plan: New references to the test of emergency scenarios added under chapter 2.2
  • UpdatedEmergency plan: Improved terminology
  • UpdatedExplanation of the structure of documents: Improved terminology
  • UpdatedHandling of incidents: Adjusted tasks of the CERT under 2.2.1
  • UpdatedHandling of incidents: New examples in chapter 2.3
  • UpdatedNon-disclosure agreement (NDA): Secrecy beyond the contractual relationship validly has been added
  • UpdatedNon-disclosure agreement (NDA): Obligation for subcontractors to keep secrecy has been added
  • UpdatedOn-off-reboarding checklist: Optimized table for better readability
  • UpdatedOn-off-reboarding checklist: Added table for longer employee absences
  • UpdatedStep by Step Guide for TISAX® Chapter 1.3.1: Implementation description has been added
  • UpdatedStep by Step Guide for TISAX® Chapter 1.3.3: "Information classification policy" is now included as reference document
  • UpdatedStep by Step Guide for TISAX® Chapter 1.5.1: “Procedures for implementing corrective actions” is now included as reference document
  • UpdatedStep by Step Guide for TISAX® Chapter 3.1.2: Action plan is now included as reference document
  • UpdatedStep by Step Guide for TISAX® Chapter 4.1.2: "Network security policy" is now included as reference document
  • UpdatedStep by Step Guide for TISAX® Chapter 8.1.7: Template “Visitor Handout” is now included as optional reference document
  • UpdatedStep by Step Guide for TISAX® Chapter 8.3.1: "Supplier evaluation" is now included as reference document

Changed

Note

Language

Removed

Release 2021-04

Added

  • AddedNew document: Personell security policy
  • AddedNew document: Granted contractor access

Fixed

Updated

  • UpdatedAction plan: Now contains Management Review & CERT-Meetings
  • UpdatedAppointment information security officer: With new information box
  • UpdatedAudit protocol: The audit trail for VDA® ISA/ TISAX® now consists of leading questions
  • UpdatedAudit protocol: with new information box
  • UpdatedBackup policy: The columns Backup frequency and Maximum recovery time have been added to the table
  • UpdatedCryptographic policy: Now contains a reference under 2.2 to possible export restrictions
  • UpdatedCryptographic policy: Now contains regulations example for RDP and SSH
  • UpdatedDefinition of scope: Now contains new chapter 2.1 for applicable standard
  • UpdatedInformation security policy: chapter 2 with more information about applicables policies
  • UpdatedInventory of assets: Expertise & industry knowledge has been included as an asset
  • UpdatedKey performance indicators (KPI): Examples of KPIs according to VDA® ISA have been added
  • UpdatedLogging policy: Chapters 2.2 Clock synchronisation and 2.3 Capacity planning have been added
  • UpdatedMalware protection policy: Clearer structure in the document
  • UpdatedStep by Step Guide for TISAX® Chapter 1.1.1: The “Personnel Security Guideline” was referenced
  • UpdatedStep by Step Guide for TISAX® Chapter 1.1.1: Step 5 under the “Should” requirements has been added.

Changed

  • ChangedAction plan: The examples were transferred to an extra example table
  • ChangedAudit program: Filename now includes period (e.g. 2021-2023)
  • ChangedAudit program: Audit criterias examples simplified
  • ChangedAudit protocol: Converted from Excel file to Word file
  • ChangedBackup policy: Under chapter 3, the table has been converted to landscape format
  • ChangedChange management: The german document “Änderungsmanagement” has been renamed Change Management
  • ChangedChange management: The german document “Liste der Änderungen” has been renamed Change Management Plan
  • ChangedHandling of incidents: Under Chapter 3, “List of incidents” has been changed to “List of incidents”.
  • ChangedHandling of incidents: Chapters 2.3 and 2.4 have been combined and renamed Information Security Incidents & Handling
  • ChangedEmergency plan: Under Chapter 2.2, the “List of Incidents” has been changed to “List of Incidents”.
  • ChangedInformation classification policy: Under chapter 1.6, the table was changed to landscape format
  • ChangedInformation classification policy: Under chapter 1.5, the special rules already described were combined
  • ChangedLogging policy: In chapter 2.4 the table was changed to landscape format.
  • ChangedMobile device and remote working policy: The document has been renamed the Mobile Devices and Remote Working Policy
  • ChangedMobile device and remote working policy: The chapters have been restructured into 2.1 General rules on the use of mobile devices, 2.2 Within the company and 2.3 Remote working
  • ChangedNon-disclosure agreement: The document has been given the name addendum "(NDA)"

Note

Language

Removed

  • RemovedInformation classification policy: The item “Always include a list of valid recipients when classifying “confidential & strictly confidential”.” has been removed
  • RemovedInventory of assets: “Verified on? Last updated on:” has been removed
  • RemovedProcedure for implementing corrective measures: Chapter 2.4 has been removed

Release 2021-04

Added

  • AddedNew Course & Reference Guide for VDA® ISA 5.0 / TISAX®: This guide will lead you step-by-step through all requirements and update your ISMS from ISA 4.0 to 5.0.
  • AddedNew document: Identification of requirements
  • AddedNew document: IT Procurement
  • AddedNew document: Legal cadastre
  • AddedNew document: Logging policy
  • AddedNew document: Malware protection
  • AddedNew document: On-off-reboarding checklist

Updated

  • UpdatedAll documents were aligned with the new guide

Removed

  • RemovedIT administration policy: Replaced by new documents (Malware, Logging, Procurement)

Release 2020-10

Added

  • AddedAdded more real life example in all documents
  • AddedNew document: Audit procedure
  • AddedNew document: IT administration policy
  • AddedNew document: Management review
  • AddedNew document: Network security policy
  • AddedNew document: Password policy
  • AddedNew document: Physical Access Policy
  • AddedNew document: Risk management procedure
  • AddedNew document: Training concept

Changed

  • ChangedReworked strucutre of all documents to ease readability.

Language

  • LanguageAll Content is now also available in English

Added

Fixed

Updated

Changed

Note

Language

Removed