Scribd
Upload
125 views2 pages

TISAX Consent Declaration for Volkswagen

The document is a declaration of consent for Volkswagen AG and its affiliates to measure the information protection of the Contracting Party according to the TISAX standard. The Contracting Party agrees to (1) take technical and organizational measures to ensure the availability of its production, information, systems and infrastructure; (2) implement security measures according to the VDA-ISA standard; and (3) undergo a TISAX audit to prove the implementation of security measures. The Contracting Party will bear the costs of the audit and any necessary remedial measures.

Uploaded by

Mert Atay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
125 views2 pages

TISAX Consent Declaration for Volkswagen

The document is a declaration of consent for Volkswagen AG and its affiliates to measure the information protection of the Contracting Party according to the TISAX standard. The Contracting Party agrees to (1) take technical and organizational measures to ensure the availability of its production, information, systems and infrastructure; (2) implement security measures according to the VDA-ISA standard; and (3) undergo a TISAX audit to prove the implementation of security measures. The Contracting Party will bear the costs of the audit and any necessary remedial measures.

Uploaded by

Mert Atay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Page 1 of 2

Declaration of consent for the measurement of information


protection according to TISAX

Name:

Street:

Post code, city:

– hereinafter referred to as the “Contracting Party” –

issues to Volkswagen AG and its affiliated companies pursuant to Section 15 et seq. of the German
Stock Corporation Act (AktG) (hereinafter referred to as the “VOLKSWAGEN Group”) the following

Declaration of consent for the measurement of information protection according to


TISAX with the protection objective “Availability”

For the VOLKSWAGEN Group, the long-term reliable delivery capability of the Contracting Party and
the protection of information in the sense of business secrets is an essential part of maintaining its
own ability to work. Ensuring the availability, integrity, authenticity and confidentiality of the
Contracting Party’s production, information, systems and (IT) infrastructure is therefore of crucial
importance for the joint success during the collaboration.

1. In order to safeguard the “availability” of the Contracting Party (delivery capability), the
Contracting Party undertakes, in relation to the VOLKSWAGEN Group, to take all technical and
organisational measures necessary for information security and to protect its own digital and
physical infrastructure (hereinafter referred to as “protective measures”).

2. As part of the protective measures, the Contracting Party undertakes, depending on the
requirements of the VOLKSWAGEN Group, to implement (if these are not already in place)
measures in accordance with the state of the art and to maintain these.

3. As “state of the art” in terms of information security in the VOLKSWAGEN Group applies the
VDA-ISA standard (Information Security Assessment) in the version most recently published and
released for use by the VDA.

4. The VOLKSWAGEN Group is entitled to demand proof of the implementation of the measures
for information security and the protection of availability from the Contracting Party. For this
reason, the Contracting Party undertakes to perform a TISAX audit regarding its existing
information security measures.

5. Obtaining a positive TISAX (Trusted Information Security Assessment Exchange) audit result
and providing the audit result on the ENX portal with at least the certificate for the audit label
“high availability” shall be sufficient to proof the implementation of the VDA-ISA standard to the
VOLKSWAGEN Group. Other, higher TISAX certifications also fulfil this requirement and will

TISAX declaration of consent – Cl. 2.3 – 15 years – 02 18 Volkswagen Aktiengesellschaft.


INTERNAL
Page 2 of 2

equally be accepted.

6. The Contracting Party shall bear the costs of the TISAX information security audit as well as the
costs of any measures necessary to eliminate possible deviations from the VDA-ISA standard.

7. The Contracting Party undertakes to register immediately – but no later than June 30th, 2023 –
for TISAX certification with ENX (portal.enx.com) if no TISAX certification has been obtained to
date, and to activate the TISAX Participant IDs PVPT9Z and PPW911.

8. The Contracting Party shall proactively inform the VOLKSWAGEN Group of any subsequent
changes to the TISAX certification status information via the mailbox
[email protected].

9. The VOLKSWAGEN Group uses a service provider for administrative support in relation to
TISAX information security. The Contracting Party shall not incur any costs for the support
provided by the service provider. The VOLKSWAGEN Group shall track the TISAX audit process
via the service provider. The Contracting Party agrees to cooperate with the service provider
regarding schedule and status tracking

10. The Contracting Party must immediately report any changes (e.g. change of company
headquarters, subcontracting, moving site etc.) which may subsequently influence a TISAX audit
and thus have an impact on the business relationship with the VOLKSWAGEN Group via the
mailbox [email protected].

By signing below, the Contracting Party agrees to the terms and provisions set out above.

Place, date ______________________ Supplier number: __________________

CONTRACTING PARTY DUNS number of your site:

__________________________________________ ___________________________________________

First and last name in block letters Signature

Modular NDA – Cl. 2.3 – 15 years – 02 18 Volkswagen Aktiengesellschaft. All rights reserved. (August 2022)
INTERNAL

You might also like