TISAX and ISO 27001
I hope this message finds you well. We are planning to implement TISAX and ISO 27001. We have one IT staff member, and there is some confusion about whether he should be sitting by himself in a secure office/area. My CEO requested that I ask whether the clauses or interpretations in either TISAX or 27001 specifically call for IT staff to have their own office area. Our current IT staff member is sharing an office with a member of the purchasing department.
We are not experts on TISAX, but what we know is that the TISAX evaluation criteria are based on the VDA Information Security Assessment (ISA), which in turn is based on ISO 27001 Annex A.
ISO 27001 does not require separate offices or areas for IT personnel. However, if you have a legal or regulatory requirement to have separate offices for IT personnel, or during your risk management process you conclude that such offices are required, then you would need to implement separate offices.
Oct 12, 2023