Supply chain cyber security
Frequently Asked Questions
-
1. Which TISAX labels are required for DAF Trucks suppliers?
Required TISAX Labels: Click here
-
2. My organization already has a certification/audit report based on another cybersecurity control framework. Do we still have to acquire the TISAX Labels?
The only valid alternative is an ISO 27001 certificate, which covers the products and services provided to DAF.
In case you have received a request to achieve TISAX and want to use your ISO 27001 certification instead, please direct your request to DAF Trucks Cybersecurity: Cybersecurity@daftrucks.com.
The supplier needs to provide a PDF of the ISO 27001 certificate, its expiry date and scope description.
In addition, the supplier declares that the scope of the ISO 27001 certificate covers the products and services provided to DAF.
-
3. What if we identify issues during the TISAX Assessment?
The TISAX process includes a mechanism to deal with identified issues in a reasonable time frame for up to 9 months while preliminarily receiving the TISAX Label. Suppliers are obliged to obtain the required TISAX Label before the deadline.
-
4. What are the costs to obtain the TISAX Label?
The total cost of gaining the TISAX Label is the sum of ENX Registration, Auditor fees and potential remediation costs where applicable.
Further information can be found at www.enx.com.
-
5. Who pays the costs involved in obtaining the TISAX Label?
TISAX is a generic assessment scheme and its use is not limited to DAF Trucks. Suppliers are responsible for being TISAX compliant and will pay all associated costs.
-
6. Which of the supplier's sites should achieve TISAX?
All sites of a supplier that are utilized for manufacturing and/or delivery of parts/products/services to DAF Trucks are in scope for TISAX compliance.
-
7. How can the TISAX Label be shared to show compliance?
Suppliers must share their TISAX Label with PACCAR/DAF on the ENX platform as described in the TISAX handbook. The audit result in ENX becomes available to PACCAR and DAF Trucks for monitoring. The level of sharing should be at least “A+Labels”.
-
8. Which resources can I use to learn more about ENX and TISAX?
Via the website: www.enx.com. Also review the TISAX handbook, which can be found on this website.
-
9. Where can I find professional support to become TISAX compliant?
There are cyber security and TISAX consultancy service providers in Europe, North America and Asia/Pacific. Suppliers can make their own choice to arrange support.
-
10. What if a cyber incident occurs at one or more of my sites involved in the supply or production of goods and/or services to DAF Trucks?
Reporting a cyber incident is part of the DAF Trucks Incident Management process.
Suppliers are expected to report incidents and/or cyber attacks relevant to DAF Trucks according to the contractual obligations via email: ITD_EU_Security@paccar.com
-
11. I’ve already provided cybersecurity-related information to DAF. Do I still need to comply with the request?
Yes. DAF may, for example, have approached you to provide deliverables in the context of the R155/R156 regulation. These requests and the supply chain cybersecurity-related requests run in parallel.
-
12. What if I cannot find the answer to my question in this FAQ overview?
If after careful review of the FAQ an answer cannot be found, please submit your question to:
DAF Trucks Cybersecurity: Cybersecurity@daftrucks.com.