Since 2021 the University of Stuttgart has been registered as a participant in the Trusted Information Security Assessment Exchange (TISAX) on behalf of the High-Performance Computing Center Stuttgart (HLRS). Recently, the audit provider TÜV Nord CERT GmbH conducted a new evaluation of HLRS’s information security management system. The results of this TISAX assessment have now been published in the ENX portal.
Sep 10, 2024
Announcements
Information for Users
Systems & Infrastructure
Data Security
See all news
Governed by the ENX Association on behalf of the German Association of the Automotive Industry (VDA), TISAX prescribes a standardized set of strict requirements for handling sensitive data that are intended to protect data confidentiality, data integrity, and data availability. These requirements are documented in the VDA Information Security Assessment (ISA) catalogue, which is organized according to data protection needs.
The latest assessment was conducted at TISAX Level 3, the most comprehensive auditing approach within the information security framework. It is designed to ensure adherence to information security standards that are appropriate for handling data with “very high protection needs.”
HLRS Director Prof. Michael Resch greeted the completion of the new TISAX assessment, saying, “For high-performance computing centers like HLRS information security is a continuous responsibility. We are committed to being vigilant to ensure that our users’ data are safe and that our supercomputer is not used in unintended ways. Observing the strict TISAX requirements gives us confidence that we are protecting sensitive data at the highest possible level.”
The TISAX framework closely follows the international standard ISO 27001 for information security management systems. (In 2023 HLRS was certified for information security under the ISO 27001 standard.) TISAX also prescribes additional requirements for the implementation of controls that must be followed.
Included within the TISAX framework is a comprehensive set of best practices for data security. This includes requirements for protecting physical access to computing facilities, delineating clear information security responsibilities, maintaining operational security, and conducting relationships with suppliers. It also covers formal processes for managing security risks and monitoring data protection compliance. In addition, TISAX details responsibilities of all datacenter employees in protecting data security, outlines security-related considerations that should be followed during the procurement of new systems, and articulates formal review processes. These approaches help to ensure that HLRS meets all relevant contractual and legal requirements.
HLRS's TISAX assessment result is available on the ENX Portal under the Scope-ID SP9M8V and the Assessment-ID ANCTTM. TISAX and TISAX results are intended for TISAX participants only and not for the general public.