On October 8th, Envision AESC Technology (Jiangsu) Co., Ltd. (Envision AESC Technology, referred to as Envision AESC) officially launched its ISO/IEC 27001 & TISAX consulting service project, accepting consulting services from Shanghai GloryTime Information Technology Co., Ltd. (referred to as GloryTime) for over half a year. Participants included all members of the GloryTime project, the management of Envision AESC's group office, IT department, R&D center, quality built-in department, and other departments. At the kick-off meeting, GloryTime provided information security awareness and standard training for Envision AESC, and conducted department interviews, on-site inspections, and information security management status assessment and gap analysis after the meeting.
Envision AESC is an industry-leading smart battery technology company. It breaks through the performance and application boundaries of power batteries with intelligent IoT, creating more intelligent scenarios, allowing electric vehicles to participate in the fragmented renewable energy system, and providing intelligent dynamic balance to promote the joint development of the clean energy and new energy vehicle industries.
Project Background
Envision AESC is an expected supplier in the new energy automotive industry, and European car manufacturers have put forward TISAX compliance requirements based on the ISO/IEC 27001 system and GDPR compliance requirements for their suppliers. To support the company's later business development and meet the requirements of its expected future customers, Envision AESC needs to start ISO/IEC 27001 and TISAX compliance consulting and certification services and obtain certification.
ISO/IEC 27001 Information Security Management System is a management system implemented by the International Organization for Standardization (ISO) after adopting the British Standard Association BS7799-2 standard, becoming the internationally accepted language for "information security management." The latest version is ISO/IEC 27001:2013, which is the only internationally recognized standard for information security management. Enterprises can effectively ensure their reliability in the field of information security, reduce the risk of information leaks, and better preserve core data and important information by establishing the ISO/IEC 27001 system.
TISAX was launched in 2017 by the German Association of the Automotive Industry (VDA) and the European Association of the Automotive Industry Communication Network (ENX), based on the ISO/IEC 27001 information security management system standard and the VDA-ISA information security assessment inspection, and is a dedicated information security standard for the automotive industry. TISAX includes three assessment levels, where Level 1 is for company self-assessment and is only for internal use. Level 2 and Level 3 require professional assessment by a third-party certification body, with Level 3 being the highest level, with the highest and most stringent requirements. Companies can obtain a TISAX assessment label after passing the audit.
TISAX provides a consistent assessment standard for the automotive industry, replacing the different standard requirements from various car manufacturers before. It provides a mechanism that can be used by multiple parties through a one-time assessment, providing a three-year security label for car manufacturers and suppliers. Each registered participant can selectively share the audit results on the platform after completing the audit.
Project Requirements
Assistance is needed for Envision AESC to establish company-level information security system standards and presentation paths, compile the corresponding system documents at all levels, and establish operating mechanisms.
Assistance is needed for Envision AESC to establish specifications for application design, data security, information confidentiality, and related areas, conduct research on the current situation, complete the relevant information security standards, and implement them. The project partner is responsible for proposing rectification opinions on the current situation and assisting the information security team in completing the rectifications.
Envision AESC China expects the project partner to provide construction plans for the company in accordance with ISO/IEC 27001 and TISAX compliance requirements, and assist Envision AESC China in completing the basic implementation of security compliance and ultimately obtaining certification.
At this project kick-off meeting, senior expert consultants from GloryTime gave professional explanations, at multiple levels and dimensions, of information security basics, information security management systems based on VDA-ISA and TISAX, how to implement an information security management system and make it effective, and audits. The content covered information security risk management, data protection and regulatory compliance, TISAX preparation, TISAX assessment and implementation procedures, self-assessment and maturity models, and many other aspects. Case analysis was used to help representatives understand TISAX-related standard requirements and their practical application, so that enterprises can continuously improve in the field of automotive information security in accordance with current international best practices and their own characteristics.
TISAX is expected to promote suppliers in the automotive industry to meet the information security requirements of different car manufacturers, ensuring that their assessment results can be widely recognized, exchanged, and trusted. GloryTime, as a leading domestic information security consulting company, has successfully completed TISAX assessments and obtained labels for many well-known domestic automotive suppliers with its professional team, customized solutions, and comprehensive after-sales service.
At the same time, GloryTime has brought advanced best practices in the industry to many enterprises in the fields of information management, information security, and IT service management, and has synchronized with the latest global management standards and integrated and optimized them according to Chinese national conditions, bringing a wide range of value-added experiences to enterprises.