TISAX getting started: A Deep Dive into the ISA Assessment Workbook (part 1)

TISAX, the Trusted Information Security Assessment Exchange (or Trusted ISA Exchange), is the automotive industry’s answer to a decades-old problem: every OEM was running its own supplier security questionnaire, and tier-1 and tier-2 suppliers were drowning in redundant audits. ENX Association, backed by the VDA (Verband der Automobilindustrie), formalized the exchange […]

AI Adoption for companies in the USA

This is the extension of the original article "AI Adoption for companies (based on OECD data)". What US Companies Are Actually Spending — And Where It Maps: The OECD data gives you the strategic framework. US-specific data gives you a reality check on spending. Here is what verified US sources report. Adoption in the […]

AI Adoption for companies (based on OECD data)

Why You Need to Read This Now: Between 2020 and 2024, the share of firms using AI across OECD countries more than doubled — from 5.6% to 14%. Large firms (250+ employees) are at 40% adoption. Small firms (10–49 employees) are at 11.9%. Mid-sized firms sit in the middle at 20.4%. That gap is […]

SOC 2 Type 2 mapping to Secure SDLC Requirements

We started to talk about the SOC 2 Type 2 certification and I feel that we neglected it a bit. I wrote a bit about SDLC, Secure SDLC in particular, but now it is time to bring them together. SOC 2 Type 2 and Secure SDLC — the big picture: SOC 2 Type 2 evaluates whether […]

EU Cyber Resilience Act (CRA) – Overview

What is the Cyber Resilience Act – CRA: The Cyber Resilience Act is […]