Internal auditor for VDA ISA / TISAX® preparation

Information

Internal Audits in accordance with VDA-ISA (TISAX®)
This training course provides the in-depth knowledge required to conduct internal audits in accordance with TISAX® in a confident, structured and practical manner. The focus is on the current requirements of the VDA-ISA and their implementation within the organisation.

Note: TISAX® is a registered trademark of the ENX Association. ACM Consultants GmbH / MSA-B GmbH has no business relationship with ENX. The mention of the TISAX® trademark does not imply any endorsement by the trademark owner of the suitability of the services advertised here.

Objective

Following the training, participants will be able to conduct internal ISMS audits in a confident, structured and practical manner using the ISA questionnaire, and to prepare their organisation effectively for external assessments. The focus is on the current requirements of the VDA-ISA and their implementation within the organisation.

Target audience

• CISOs
• Information Security Officers
• internal auditors

Contents

1. Changes and updates in the TISAX framework
TISAX® and the underlying Information Security Assessment (ISA) are regularly updated to meet current requirements for information security and data protection.

The current updates focus on:

• Clarification of requirements regarding:
  › Information security organisation
  › Risk management and identification of protection needs
• Further development of requirements regarding:
  › Access controls
  › Supplier and interface management
  › Handling of information security incidents
• Clearer expectations regarding the effectiveness of measures, not merely their existence
• Greater focus on traceability and auditability

The training ensures that internal auditors interpret the requirements consistently and apply them correctly.

2. Timing and Implementation

• TISAX® is not a traditional certification system, but a standardised audit and exchange procedure.
• Changes to the VDA-ISA come into effect upon publication; transition periods depend on the specific project and assessment.
• Organisations must ensure that:
  › internal audits take account of the current status of the VDA-ISA,
  › non-conformities are identified and addressed at an early stage.
• Internal audits are a key tool for:
  › verifying the effectiveness of an ISMS.
  › preparing for external assessments, in particular TISAX® assessments by accredited audit service providers.

3. Practical application within the organisation
In practice, the training helps internal auditors to

• audit TISAX® requirements in a structured manner in accordance with ISO 19011
• correctly derive audit criteria from the VDA-ISA
• reliably identify risks, vulnerabilities and non-conformities
• conduct interviews, document reviews and spot checks professionally
• formulate audit findings in a clear, comprehensible and action-oriented manner
• act as a sounding board for the CISO and management

Internal audits thus become an effective tool for improving information security and for reducing risks prior to external assessments. In addition to the topics covered in the VDA-ISA questionnaire, methods and communication techniques play a crucial role in the successful conduct of audits.

Duration

2 days

Scope of services

• Format: Remote
• Cost: €990

Certificate / Certificate of Attendance
At the end of the training course, participants will receive a certificate of attendance. This does not constitute a TISAX® certificate or ENX authorisation.

Recommendation

Possible dates (two-day course):

• 1 June + 2 June 2026
• 16 July + 17 July 2026
• 12 October + 13 October 2026
• 22 October + 23 October 2026