TISAX Certification for valantic:
5 questions for Ingo Hoepfner

With TISAX certification, valantic Supply Chain Excellence GmbH has ascended to the ranks of leading suppliers with the highest IT security standards for the automobile industry. Ingo Hoepfner explains in our interview series “5 questions for…” exactly what is behind TISAX, what this certification means for valantic, and with which solutions the IT service provider fleshes out the TISAX certification. 

Hi, Ingo, valantic Supply Chain Excellence GmbH has just successfully achieved TISAX certification on the highest requirements level. Surely you, as Key Account Manager for customers in the automobile industry, are very pleased about this. What does TISAX stand for and what does this certification mean for valantic?

TISAX stands for Trusted Information Security Assessment Exchange and it is one of the defined and ever more-requested standards of the German automobile industry and its umbrella association VDA for the highest IT security for the exchange of information and certifications.

TISAX doesn’t regard itself as a certification, but rather as an assessment. Practically an individual certification for the standard that the association of the German automobile industry VDA derived from ISO 27001, and the association members of automobile manufacturers are simply requiring ever more of their partners. Very strict standards apply for the assessment, which we had to fulfill. The ENX association, which functions as governance organization in the system, calls the assessment the “TISAX Label – the entry ticket to the automobile industry.” The standards that we as IT service provider and consulting company had to fulfill are so high that we can practically hold up the TISAX label – in addition to the certifications renewed according to ISO 9001 and ISO 27001 – as an entry ticket to any sector or industry. That’s the special value of the certification for valantic, which we would like other valantic locations than the one in Munich to bear as well. Thus also Böblingen, where my team and I are preparing the assessment. 

Why is TISAX so important for the automobile industry and on what does it depend?

The German automobile industry is increasingly networked, just like the cars themselves, which are truly becoming driving computers. Here, I am thinking of the image of a smartphone on wheels. The processes for the development and production of vehicles rely ever more on digital tools and do not happen in isolation. Instead, they are incorporated more and more into a tight partner network. This includes not only external product developers and suppliers, but also mobile phone providers and service providers and consulting companies like us at valantic. As a TISAX-certified company, we come into play because with all this networking, the topic of cybersecurity is increasingly becoming a focus. Whereby in the automobile industry, it is important to provide a solid, secure basis for the digital cooperation with the partners, suppliers, and service providers. This also includes the secure exchange of data. And thus, as IT service provider and consulting company, it is absolutely necessary to be able to demonstrate this security level. For with increasing networking, the interfaces are becoming points of attack. That’s why it’s even more important to increase the information quality in order to speak a common language with regard to data exchange and data interfaces.

How did valantic achieve the certification and the TISAX label?

A large Bavarian automobile manufacturer with whom we discussed the label intensively got the ball rolling. Then we decided to do the auditing and assessment in Munich. Our information security officer Falk Barth and the IT operations team really did a great job. Essentially, the certification is due to our competencies, our experience with supply chain management, and last but not least, the investments we have made in a state-of-the-art, high-performance IT infrastructure.  The consulting projects in the automotive sector were the focus, for these are the ones that will profit from this label.

How and with which solutions does valantic support the automobile industry in order to satisfy its high requirements?

Our offerings in supply chain management include not just IT services and consulting, but also software development. Our cloud-based Connected Chain Manager, for example, has already become an entry ticket for logistics and the industry. With it, we offer customers a solid basis for IT and process consulting.

I think it’s important to emphasize that we at valantic do not consist of just one main location: we have competence centers across Germany, as we do in the supply chain excellence sector. And we believe we are always obliged to excellence. We, for example, are also a strong SAP partner and have a great deal of cloud expertise on which we, as supply chain & logistics team, can rely. That’s why it’s important that we don’t just work monolithically; we can always access the competencies of the other valantic divisions.

Surely the cloud is up and coming for information exchange in the automobile industry. Which other technologies are still used today and where will the future be in this area?

Data exchange has developed rapidly, from simple EDI interfaces, and it will continue to do so in the future. That’s to say that trying to say where we’ll be in 20 years would require looking into a crystal ball. The trend indicates that we are moving from data as true values to analytics and overarching processes. Here, topics such as RPA, Robot Process Automation, are playing an ever-greater role; when it comes to this kind of topic, we as valantic as consulting company are also in demand. In particular, the information exchange between the OEM and customers, suppliers, and partners will continue to increase rapidly. TISAX will therefore not be yesterday’s news, but rather the basis for putting the exchange on a solid footing.

Cloud solutions are becoming more important with the increasing networking of the automobile industry and its products. Manufacturers are themselves under pressure to part from their on-premise environments since the directional information exchange would no longer work given the speed and quantity in demand today. Here, of course, higher standards with regard to IT security are also required, like the ones we provide and with which we can also take the TISAX certification to other industries.

Thank you for taking the time to talk to us!