Meeting TISAX Standards with PKWARE, Part 2: Classification

Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements.

Today's topic: data classification, and why automation makes all the difference.

If you’re a supplier or service provider, you likely work on sensitive projects with your partners, requiring a daily exchange of sensitive information. Your partners need to know that you’re handling their sensitive information with care, protecting it from theft, loss, and manipulation.

Many information security regulations recommend the use of classification to ensure that sensitive information is being appropriately protected and handled, and TISAX standards are no different. Question 8.2 in the VDA ISA (the security assessment used in the TISAX process) asks "To what extent is information classified according to its protection needs and are there regulations in place regarding labelling, handling, transport, storage, retention, deletion and disposal?" Specific requirements include the use of a consistent, policy-based classification scheme and the classification of data based on criteria such as value, confidentiality, and legal requirements.

The value of automation

Like other vendors, PKWARE offers classification capabilities to help companies determine what to protect and handle appropriately. But unlike other vendors’ products, PKWARE’s Data Security Platform provides automated, discovery-driven classification. This means that every time a new file is created, the system automatically scans the file for sensitive information, and it applies the appropriate label based on your organization’s definitions.

PKWARE's unique automated security workflow uses your organization’s security policies that determine what content it should look for. When a file matches the definitions for sensitive data, the appropriate label is applied to the file—with no action required by the user. This takes the burden off employees to make decisions on how files should be classified, while ensuring that your classification rules are applied consistently and accurately across your entire organization. Which, by the way, is precisely what the TISAX security assessment requires.

Simpler process, better results

PKWARE also makes it easier to define and implement a classification policy. Instead of having to create paper policies, develop and deliver employee training, and perform regular audits to ensure the accuracy of your organizations classification labels, companies can meet TISAX standards for classification by simply creating and publishing policies within the management console of PKWARE’s platform.

Automation and its value in TISAX compliance will be a recurring theme in this blog series, as we'll see in the next post, as we look at the rules for storing sensitive information on mobile devices.