“With TISAX, we have put in place exhaustive measures that make us a secure provider.” An interview with Patricia Domínguez and Carlos Moreno

Since the end of last year, Industrias Alegres has been able to display, among its other certifications, the TISAX certification, which guarantees Information Security. After decades of working with different ISO models, undertaking this new certification was a significant challenge for the company. We spoke about the company’s new certification and its implications with Patricia Domínguez, the company’s Corporate Quality & Sustainability Director, and Carlos Moreno, from Security Information Operations.

with-tisax-we-have-put-in-place-exhaustive-measures-that-make-us-a-secure-provider-an-interview-with-patricia-dominguez-and-carlos-moreno

— Question: Why do you want this certification for Industrias Alegres?

— Patricia Domínguez (PD):  The TISAX Certification, which is based on the German ISA-VDA standard, was initially created to audit suppliers in the supply chain of major German OEMs. So, it seems like a positive thing to submit to this audit to prove we are a Tier1 supplier like other major OEMs in the country.  Adding to that, Industrias Alegres is continually working on improving its systems to make them reliable and safe. The certification shows that we can be relied upon to have an adequate and efficient system. Over time, the standard is on its way to becoming a model of use.

— Q: Broadly speaking, what parameters does this certification evaluate?

— Carlos Moreno (CM): TISAX is a certification focused on auditing information security, for which all aspects of the organisation much submit to. The standard has more than 300 security controls that needs to be satisfied. So, to be able to put the system to work, we grouped the controls into five different parts: Security Information Management, Operations, External Services and Supplier Management, Legal Compliance and Prototype Protection.

— Q: Are any of these areas of relevance? Perhaps prototype protection?

— CM: Some areas are broader than others, but all are equally important. TISAX puts the focus on information confidentiality to guarantee that our clients and our data are kept safe. They are protected against external intrusions and information leaks. The information’s integrity, always ensuring the used data’s validity, and its availability, to guarantee process continuity, especially in logistics processes, are also assured.

— Q: Has implementing the system been complex?

— PD: It has been a long process. When I joined the company, my colleague, Carlos Moreno, had already been working on the project for a year.

— CM: Yes, the process is very long because the certification has many demands to meet the standard. With TISAX, we have put in place comprehensive technical and organisational measures that make us a secure provider. However, what does start to become complicated, is the measures often add an additional layer of complexity to the company's operational processes. Because of this, the greatest challenge was thinking how to put these measures into place so that we can guarantee the security that the certification requires without disrupting the day-to-day processes too much.

— Q: Now that TISAX is up and running, do the requirements look complex from the inside?

— PD: Putting the certification into place meant having to adopt a series of good practices. There are physical measures and protocols. But the truly important part is the role of the people on the ground in their day-to-day tasks. Afterall, TISAX is made up of standards being applied by everyone who works at Industrias Alegres.

— CM: Fortunately, we already had a culture of information security in the company therefore it was nothing new for the team.  The most important change is that it now requires constant monitoring. When the team is conscious of the importance of security information, the threat of attacks and leaks is minimised.

— Q: And throughout the whole process, has there been much resistance from the staff?

— PD and CM: Quite the opposite! If we may add, we would like to thank the whole team for their collaboration on this journey. Without their support, we would not have been able to get the TISAX certification.

— Q: After months working on the TISAX brand, how does the team feel?

— CM: We really feel that having a system in place that regulates how we process information gives us a greater level of security.

You may also be interested in