Hi, I would like to know if the VDA ISA Certificate overlaps with the ISO27001 and if we can use another template and implement all the controls needed for the VDA ISA, but using your own templates for the ISO 27001. That would mean that when we do the risk assessment we will take into consideration the Excel table from the link above and later implement controls for the ISO27001 on that basis. Would that be enough to have a maturity level of 3 or 4 if everything is implemented and works? Any advice on implementing ISO27001 and VDA ISA in parallel is greatly appreciated and if you have materials that would be useful or even document kits that we can buy, we would appreciate it. Thank you.
Although VDA ISA requirements, part of the TISAX standard, have many similarities with ISO 27001 main clauses and its Annex A controls (the Excel table in the link you provided, in its tab “Information Security”, column q – “Reference to other standards”, provides a mapping between the two documents), we are not experts on VDA ISA to provide a proper answer regarding VDA ISA maturity level, because this information also depends on the fulfillment of requirements for prototype protection, which are not related to ISO 27001.
This article will provide you with a further explanation about TISAX and VDA ISA: