Supply chain cyber security
Audit area and assessment level
Modular assessment objectives of TISAX
The required TISAX labels (assessment objectives) depend on the supply condition:
|
Supply Condition |
Required TISAX Label |
|
|
For all companies where discontinued supply has a direct impact on DAF Business Continuity. This includes all DAF Production Good Suppliers. |
Very High Availability |
|
|
For all companies that have direct Access to DAF Trucks Network. |
Very High Availability or Strictly Confidential |
|
|
For all companies that hold/process DAF Trucks strictly confidential and secret information covered by a Non-Disclosure Agreement, such as product development partners. |
Strictly Confidential |
|
|
For all companies that manufacture, store or use customer-provided components or parts classified as requiring protection at their own locations. |
Proto Parts |
|
|
For all companies that manufacture, store or use customer-provided vehicles classified as requiring protection at their own locations. |
Proto Vehicles |
|
|
For all companies that conduct tests and test drives (e.g. test drives on public roads or test tracks) with customer-provided vehicles classified as requiring protection. |
Test Vehicles |
|
|
For all companies that conduct presentations or events (e.g. market research, events, marketing events) and film and photo shootings with customer-provided vehicles, components or parts classified as requiring protection. |
Proto Events |
|
|
For all companies that handle personal data as a processor according to Article 28 of the GDPR. |
Data |
|
|
For all companies that handle special categories of personal data (like health or religion) as a processor according to Article 28 of the GDPR. |
Special Data |
If in doubt, contact cybersecurity@daftrucks.com.
- Supplier has to achieve the minimum set of labels required, in accordance with the table above. Supplier can always decide to achieve more labels if deemed necessary.
- Supplier must include all supplier sites in the audit scope that have an impact on the supplied product and/or service content.
- DAF Trucks requires that suppliers enable audit information sharing in ENX to make progress visible to PACCAR/DAF Trucks listed as ‘participant ID PYT3F4’. Please follow the instructions in the ENX system to include your customer specific identification (supplier number) in the system. The audit result in ENX becomes available to PACCAR and DAF Trucks for monitoring. The level of sharing should be at least “A+Labels”.
For more information, please consult the TISAX Handbook on the ENX website.
DAF Trucks requires a TISAX Label at assessment level 3 for the audit area(s) applicable to each supplier that provides reliable proof of compliance with the correct scope. Level 3 encompasses a cyber security audit conducted by an external auditor. Like any other audit, it is an in-depth assessment based on on-site interviews and evidence.
Please read the FAQ section, as part of your instruction. If after careful review of the FAQ, still some of your questions remain unanswered, please submit your question to:
DAF Trucks Cybersecurity: cybersecurity@daftrucks.com
Cyber security in the supply chain
Frequently Asked Questions