Supply chain cyber security

Required TISAX Labels: Click here

The only valid alternative is an ISO 27001 certificate, which covers the products and services provided to DAF.

In case you have received a request to achieve TISAX and want to use your ISO 27001 certification instead, please direct your request to DAF Trucks Cybersecurity: Cybersecurity@daftrucks.com.

Supplier needs to provide a pdf of the ISO 27001 certificate, expiry date, scope description and the ‘Statement Of Applicability’.

In addition supplier declares that the scope of the ISO 27001 certificate covers the products and services provided to DAF.

The TISAX process includes a mechanism to deal with identified issues in a reasonable time frame for up to 9 months while preliminarily receiving the TISAX Label. Suppliers are obliged to obtain the required TISAX Label before the deadline.

The total cost of gaining TISAX Label is a sum of ENX Registration, Auditor fees and potential remediation costs where applicable.

Further information can be found www.enx.com.

TISAX is a generic assessment scheme and its use is not limited to DAF Trucks, suppliers are responsible for being TISAX compliant and will pay all associated costs.

All sites of a supplier that are utilized for manufacturing and/or delivery of parts/products/services to DAF Trucks are in scope for TISAX compliance.

Suppliers must share their TISAX Label with PACCAR/DAF on the ENX platform as described in the TISAX handbook. The audit result in ENX becomes available to PACCAR and DAF Trucks for monitoring. The level of sharing should be at least “A+Labels”. 

Via the website: www.enx.com. Also review the TISAX handbook, that can be found on this website.

There are cyber security and TISAX consultancy service providers in Europe, North America and Asia/Pacific. Suppliers can make their own choice to arrange support. 

Reporting a Cyber incident is a part of the DAF Trucks Incident Management process.

Suppliers are expected to report incidents and/or Cyber attacks relevant to DAF Trucks according to the contractual obligations via email: ITD_EU_Security@paccar.com

Yes, DAF may for example have approached you to provide deliverables in the context of the R155/R156 regulation. These requests and the supply chain cybersecurity related requests run in parallel. 

This deviation is only accepted until the upcoming expiration date of your current label.

1. Log in to the ENX portal.
2. Go to the main navigation bar and select “MY TISAX”.
3. From the dropdown menu, select “SCOPES AND ASSESSMENTS”.
4. Go to the table find the table row with your assessment scope.
5. Verify that your assessment scope has the assessment scope status “Active” (column “Scope Status”).
6. Go to the end of the table row of your assessment scope and click the button with the down arrow.
7. Select “Scope Information”.
8. In the new window (“Scope Information”), select the tab “EXCHANGE”.
   
9. Go to the section “SHARING” and click the button “Share”.
10. In the new window (“SHARE THIS SCOPE”), enter your DAF’s Participant ID: PYT3F4 (or select him from the participant list in the neighbouring search box).
    
11. Select the desired sharing level (A+ Labels).
12. Enter your DAF Supplier Number (If you do not know the DAF Supplier Number; it is a 5 digit number and can be found on any Invoice).
    
    
13. Note! In case you are also a PACCAR, Leyland or DAF Brasil supplier, different supplier number formats can be used and can be added by using a ‘,’).
    
14. Note! When the wrong format is used, an error message will appear.
    
15. Click the button “Next”.
16. Read and understand the instructions regarding the permanence of the sharing permission.
17. Mark the two “confirm” check boxes.
18. Click the button “Submit”.

If after careful review of the FAQ an answer cannot be found, please submit your question to:

DAF Trucks Cybersecurity: Cybersecurity@daftrucks.com.