<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>ITIS-Secure Blog | Cybersecurity & Compliance Insights</title>
    <link>https://www.itis-secure.com/blog</link>
    <description>Latest insights on TISAX®, ISO 27001, NIS2, and DORA compliance for the automotive supply chain.</description>
    <language>en-us</language>
    <lastBuildDate>Tue, 14 Jul 2026 09:49:32 GMT</lastBuildDate>
    <atom:link href="https://www.itis-secure.com/blog/rss.xml" rel="self" type="application/rss+xml" />
    
    <item>
      <title><![CDATA[TISAX® AL2 vs AL3: Which Assessment Level Do You Actually Need?]]></title>
      <link>https://www.itis-secure.com/blog/tisax-al2-vs-al3</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/tisax-al2-vs-al3</guid>
      <pubDate>Mon, 13 Jul 2026 06:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[AL3 is not AL2 with harder rules. It is the same VDA ISA controls checked on-site. Which TISAX level you need is set by your customer, not by you.]]></description>
    </item>
    <item>
      <title><![CDATA[TISAX NIS2 Compliance: What Your Label Actually Covers, and What It Doesn't]]></title>
      <link>https://www.itis-secure.com/blog/tisax-nis2-compliance</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/tisax-nis2-compliance</guid>
      <pubDate>Fri, 03 Jul 2026 12:28:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[A TISAX label covers all ten NIS2 Article 21 measures, per ENX's own expert opinion. Here is the control mapping and the five gaps it leaves open.]]></description>
    </item>
    <item>
      <title><![CDATA[How to Prepare for TISAX Awareness Training]]></title>
      <link>https://www.itis-secure.com/blog/how-to-prepare-for-tisax-awareness-training</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/how-to-prepare-for-tisax-awareness-training</guid>
      <pubDate>Wed, 01 Jul 2026 08:30:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[TISAX awareness training is assessed under VDA ISA control 2.1.3 and graded on a 0–5 maturity scale. Here is the scope, the refresh cadence, and the evidence you need to reach level 3.]]></description>
    </item>
    <item>
      <title><![CDATA[The TISAX® Recertification Countdown: When You Actually Have to Start]]></title>
      <link>https://www.itis-secure.com/blog/tisax-recertification-timeline</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/tisax-recertification-timeline</guid>
      <pubDate>Wed, 01 Jul 2026 08:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[A TISAX label lasts three years. Miss the recertification window and it lapses on the ENX portal, visible to every OEM. Here is how to plan backwards.]]></description>
    </item>
    <item>
      <title><![CDATA[ISO 27001 to VDA ISA 6.0.3 (TISAX): The Control-by-Control Mapping]]></title>
      <link>https://www.itis-secure.com/blog/iso-27001-tisax-control-mapping</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/iso-27001-tisax-control-mapping</guid>
      <pubDate>Sun, 21 Jun 2026 09:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[A control-by-control crosswalk from ISO/IEC 27001:2022 Annex A to the VDA ISA 6.0.3 catalogue behind TISAX: what maps, what is partial, and what has no ISO equivalent.]]></description>
    </item>
    <item>
      <title><![CDATA[Does ISO 27001 Cover TISAX®? Where They Overlap, and the Gap That Still Needs Closing]]></title>
      <link>https://www.itis-secure.com/blog/does-iso-27001-cover-tisax</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/does-iso-27001-cover-tisax</guid>
      <pubDate>Sun, 21 Jun 2026 08:30:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Does ISO 27001 cover TISAX? A certified ISO 27001:2022 ISMS covers about 70–80% of the VDA ISA Information Security module. Here is exactly where the two meet and where the gap is.]]></description>
    </item>
    <item>
      <title><![CDATA[The Statement of Applicability: The ISO 27001 Document Auditors Open First]]></title>
      <link>https://www.itis-secure.com/blog/statement-of-applicability-iso-27001</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/statement-of-applicability-iso-27001</guid>
      <pubDate>Wed, 17 Jun 2026 09:05:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[The ISO 27001 Statement of Applicability is the first document auditors open: what it must contain, where it fails, and how to keep it audit-ready.]]></description>
    </item>
    <item>
      <title><![CDATA[NIS2 Essential Entity Criteria: How to Classify Your Organisation, and Why Getting It Wrong Cuts Both Ways]]></title>
      <link>https://www.itis-secure.com/blog/nis2-essential-entity-criteria</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/nis2-essential-entity-criteria</guid>
      <pubDate>Mon, 15 Jun 2026 08:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[NIS2 essential entity criteria: how sector and size decide essential vs important, the size-exempt categories, and what classification really changes.]]></description>
    </item>
    <item>
      <title><![CDATA[VDA ISA 6.0 for Automotive Suppliers: What Changed, and What Still Trips Up the 2026 Audits]]></title>
      <link>https://www.itis-secure.com/blog/vda-isa-6-changes-tisax-suppliers</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/vda-isa-6-changes-tisax-suppliers</guid>
      <pubDate>Wed, 10 Jun 2026 09:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[VDA ISA 6.0 has been the basis for TISAX® assessments since April 2024. Here are the controls ISA 5.1 suppliers must address before their next audit.]]></description>
    </item>
    <item>
      <title><![CDATA[Automotive Supplier TISAX Requirements: What BMW, VW Group, and Mercedes Procurement Actually Ask For]]></title>
      <link>https://www.itis-secure.com/blog/automotive-supplier-tisax-requirements-2026</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/automotive-supplier-tisax-requirements-2026</guid>
      <pubDate>Fri, 05 Jun 2026 08:17:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[What automotive supplier TISAX requirements actually mean in OEM procurement, which assessment level you need, what drives it, and how to read the contract clause.]]></description>
    </item>
    <item>
      <title><![CDATA[Picking Up After the ISO 27001:2022 Transition Deadline: A Practical Path Back to Certification]]></title>
      <link>https://www.itis-secure.com/blog/picking-up-after-the-iso-27001-2022-transition-deadline-a-practical-path-back-to-certification</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/picking-up-after-the-iso-27001-2022-transition-deadline-a-practical-path-back-to-certification</guid>
      <pubDate>Thu, 04 Jun 2026 13:48:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[ISO/IEC 27001:2013 certificates expired on October 31, 2025. Here is the practical path back to certification for organisations that did not transition in time.]]></description>
    </item>
    <item>
      <title><![CDATA[Stop Failing Audits. Start Winning Contracts.]]></title>
      <link>https://www.itis-secure.com/blog/stop-failing-audits</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/stop-failing-audits</guid>
      <pubDate>Wed, 01 Apr 2026 12:00:00 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Why leading automotive, aerospace, and technology companies trust ITIS-Secure to take them from security gaps to full certification — fast. Learn our 7-step methodology for TISAX®, ISO 27001, and NIS2.]]></description>
    </item>
    <item>
      <title><![CDATA[The Definitive TISAX® Readiness Guide for 2026: Securing Your Automotive Future]]></title>
      <link>https://www.itis-secure.com/blog/tisax-readiness-guide-2026</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/tisax-readiness-guide-2026</guid>
      <pubDate>Wed, 25 Mar 2026 17:16:42 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Preparing for a TISAX assessment in 2026 is not just about passing an audit. It is about proving to the world's leading OEMs that you are a resilient, reliable partner in an increasingly hostile cyber landscape.]]></description>
    </item>
    <item>
      <title><![CDATA[NIS2 Compliance Checklist for SMEs: A Practitioner’s Implementation Guide]]></title>
      <link>https://www.itis-secure.com/blog/nis2-compliance-checklist-smes</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/nis2-compliance-checklist-smes</guid>
      <pubDate>Wed, 25 Mar 2026 08:28:21 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[A comprehensive implementation guide for SMEs facing the NIS2 Directive. Learn the 7 core steps to achieving a defensible compliance posture.]]></description>
    </item>
    <item>
      <title><![CDATA[vCISO as a Service: Bridging the Security Leadership Gap]]></title>
      <link>https://www.itis-secure.com/blog/vciso-as-a-service-benefits</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/vciso-as-a-service-benefits</guid>
      <pubDate>Sat, 07 Mar 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[For mid-sized automotive tier suppliers and technology service providers, hiring a full-time Chief Information Security Officer (CISO) is often prohibitively expensive and unnecessary for day-to-da...]]></description>
    </item>
    <item>
      <title><![CDATA[ISO 27001:2022 Transition Toolkit: Updating Your ISMS]]></title>
      <link>https://www.itis-secure.com/blog/iso-27001-2022-transition-toolkit</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/iso-27001-2022-transition-toolkit</guid>
      <pubDate>Sat, 28 Feb 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[The transition period for the ISO/IEC 27001:2022 standard is rapidly closing. Organizations currently certified under the 2013 standard must upgrade their Information Security Management Systems (I...]]></description>
    </item>
    <item>
      <title><![CDATA[The Anatomy of a Modern Penetration Test: Beyond Automated Scans]]></title>
      <link>https://www.itis-secure.com/blog/anatomy-modern-penetration-test</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/anatomy-modern-penetration-test</guid>
      <pubDate>Sat, 21 Feb 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[In the enterprise security space, there is a dangerous misconception that running an automated vulnerability scanner constitutes a "penetration test."]]></description>
    </item>
    <item>
      <title><![CDATA[Navigating the NIS2 Directive: Securing Your Supply Chain]]></title>
      <link>https://www.itis-secure.com/blog/navigating-nis2-directive-supply-chain</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/navigating-nis2-directive-supply-chain</guid>
      <pubDate>Sat, 14 Feb 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[The updated Network and Information Security Directive (NIS2) completely overhauls the cybersecurity landscape across the European Union. Unlike its predecessor, NIS2 aggressively expands the scope...]]></description>
    </item>
    <item>
      <title><![CDATA[Building a Cyber-Resilient Culture: Effective Security Awareness Training]]></title>
      <link>https://www.itis-secure.com/blog/building-cyber-resilient-culture</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/building-cyber-resilient-culture</guid>
      <pubDate>Sat, 07 Feb 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Despite millions of dollars invested in Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), and [Cloud Security Posture Management (CSPM) tools](/blog/cspm-finding-misconfigura...]]></description>
    </item>
    <item>
      <title><![CDATA[TISAX® vs. ISO 27001: Which Certification Does Your Business Actually Need?]]></title>
      <link>https://www.itis-secure.com/blog/tisax-vs-iso-27001-comparison</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/tisax-vs-iso-27001-comparison</guid>
      <pubDate>Sat, 31 Jan 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[For organizations navigating the complex landscape of information security compliance, deciding between ISO/IEC 27001 and TISAX® (Trusted Information Security Assessment Exchange) is a critical str...]]></description>
    </item>
    <item>
      <title><![CDATA[Zero-Trust Architecture on a Hybrid Cloud: A Practical Guide]]></title>
      <link>https://www.itis-secure.com/blog/zero-trust-architecture-hybrid-cloud</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/zero-trust-architecture-hybrid-cloud</guid>
      <pubDate>Sat, 24 Jan 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[For modern enterprises, the traditional "castle and moat" security model is obsolete. Remote workforces, SaaS sprawl, and multi-cloud environments (AWS, Azure, GCP) have permanently dissolved the c...]]></description>
    </item>
    <item>
      <title><![CDATA[DORA: The Digital Operational Resilience Act Explained]]></title>
      <link>https://www.itis-secure.com/blog/dora-digital-operational-resilience-act</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/dora-digital-operational-resilience-act</guid>
      <pubDate>Sat, 17 Jan 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[The financial sector is the primary target for advanced cybercrime syndicates and state-sponsored attacks. In response to the growing systemic risk posed by digital interconnectedness, the European...]]></description>
    </item>
    <item>
      <title><![CDATA[Automotive Cybersecurity: Integrating ISO/SAE 21434 with TISAX®]]></title>
      <link>https://www.itis-secure.com/blog/automotive-cybersecurity-iso-21434-tisax</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/automotive-cybersecurity-iso-21434-tisax</guid>
      <pubDate>Sat, 10 Jan 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[For automotive suppliers, the mandate for cybersecurity has never been more complex. Today's connected vehicles contain upwards of 100 million lines of code, transforming them into mobile data cent...]]></description>
    </item>
    <item>
      <title><![CDATA[Cloud Security Posture Management (CSPM): Securing the Cloud]]></title>
      <link>https://www.itis-secure.com/blog/cspm-finding-misconfigurations</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/cspm-finding-misconfigurations</guid>
      <pubDate>Sat, 03 Jan 2026 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[The rapid migration to public cloud infrastructure (AWS, Azure, GCP) has fundamentally altered enterprise risk profiles. While cloud providers guarantee the security *of* the cloud, the customer re...]]></description>
    </item>
    <item>
      <title><![CDATA[Incident Response Playbooks: Why You Need Them Before a Breach]]></title>
      <link>https://www.itis-secure.com/blog/incident-response-playbooks-importance</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/incident-response-playbooks-importance</guid>
      <pubDate>Sat, 27 Dec 2025 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[A cyberattack is no longer a question of "if," but "when." When a ransomware syndicate breaches your network or a critical supplier is compromised, executive leadership has minutes—not days—to make...]]></description>
    </item>
    <item>
      <title><![CDATA[Internal vs. External Audits for ISO 27001]]></title>
      <link>https://www.itis-secure.com/blog/internal-vs-external-audits-iso-27001</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/internal-vs-external-audits-iso-27001</guid>
      <pubDate>Sat, 20 Dec 2025 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Securing an ISO/IEC 27001 certification is a rigorous process involving multiple layers of assessment. For many organizations, the terminology surrounding the audit lifecycle—Stage 1, Stage 2, inte...]]></description>
    </item>
    <item>
      <title><![CDATA[Social Engineering Assessments: Testing the Human Element]]></title>
      <link>https://www.itis-secure.com/blog/social-engineering-assessments</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/social-engineering-assessments</guid>
      <pubDate>Sat, 13 Dec 2025 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[Despite massive investments in Next-Generation Firewalls, Endpoint Detection, and overarching Zero-Trust Architectures, the most vulnerable layer in an...]]></description>
    </item>
    <item>
      <title><![CDATA[Building a Vendor Risk Management (VRM) Program]]></title>
      <link>https://www.itis-secure.com/blog/building-vendor-risk-management-program</link>
      <guid isPermaLink="true">https://www.itis-secure.com/blog/building-vendor-risk-management-program</guid>
      <pubDate>Sat, 06 Dec 2025 19:10:37 GMT</pubDate>
      <author>Iulian Bozdoghina</author>
      <description><![CDATA[You can outsource your payroll, your cloud hosting, and your customer service, but you cannot legally outsource your risk. Modern enterprises operate within deeply interconnected digital supply cha...]]></description>
    </item>
  </channel>
</rss>