Information security is becoming more and more important in the automotive sector as a result of connected cars, autonomous driving, and new production methods. With a TISAX® evaluation, you can demonstrate to your stakeholders that you meet the strict security requirements of the ENX Association and the German Association of the Automotive Industry (VDA). We offer you complete support for your TISAX® evaluation as a TISAX® Audit Provider certified by the ENX Association. You may rely on our extensive automotive industry experience.
Your advantages of the TISAX® assessment
TISAX® at a glance
The complexity and internationality of the value chains in the automotive sector define them. The demands on a company's information security are rising at the same time as digitalization both in the final product and during production. A comprehensive, practice-oriented standard that can be used by all businesses involved in the automotive supply chain has been developed with the help of the test and exchange standard TISAX® (Trusted Information Security Assessment Exchange). With experience, our professionals will walk you through your TISAX® examination over the phone, online, or in person. You may demonstrate to your stakeholders that you are a trustworthy source for sensitive data in fewer steps.
The ISA (Information Security Assessment) standards list provided by the German Association of the Automotive Industry served as the foundation for the TISAX® testing and exchange mechanism, which was formed at the beginning of 2017. (VDA). Additionally, it was developed in great part in accordance with ISO/IEC 27001. The related web portal provides members of the whole value chain with a standard evaluation of their information security status and a forum for communication with partners throughout the entire automotive sector. Participation in a TISAX® process requires registration in the site.
The levels and breadth of the assessments have been established by the ENX Association, which runs the TISAX® program. In order to audit a corporation, TISAX® divides protection classes and evaluation levels into four categories. The levels are determined by the information's need for protection.
After initial registration, businesses seeking to join the TISAX® platform hire a reputable testing service provider to evaluate their information security. The evaluation begins with a fundamental audit on information security and includes additional optional modules like prototype protection and data protection. As a result, there is no longer a need for unique criteria from the enormous personal catalogues of the main automakers.
All VDA members and automakers including Volkswagen, BMW, and Audi now recognize and demand a TISAX® label that is issued in the ENX database following a successful audit. Select companies asking your TISAX® status can then easily receive a final report outlining the protection class attained. The TISAX® assessment's findings are reliable for three years.
TISAX® distinguishes four assessment levels (protection requirements): normal (level 1), high (level 2) and very high (level 2.5 or level 3). The test methods and measures are determined by the defined safety requirements. In addition, the external situation determines whether level 2.5 or level 3 is applicable. For example, if an on-site inspection is not possible due to the contact restrictions of the COVID-19 pandemic, a remote audit (Level 2.5) is carried out first. If an on-site audit is possible, Assessment Level 3 applies.
TISAX® is not limited to manufacturing companies, but covers the entire supply chain of the automotive industry. Your individual needs for implementing TISAX® depend on the specific requirements of your customer. If your customer does not approach you specifically or changes accepted general terms and conditions, it is advisable to wait and see whether you need a TISAX® assessment for further cooperation.
The TISAX® test catalogue was derived from the international standard ISO 27001 and uses the criteria defined there. A guideline describes how the respective requirements can be implemented, how the processes are to be ensured and which tools can be used. A significant difference between the two standards is that with TISAX® a certain level of maturity must be reached in order to receive the label.