Experts in innovation strategies
English
  • Localized Websites

Cetbix TISAX Assessment Automation

Prove your information security with a TISAX® Assessment

Prove your information security with a TISAX® Assessment

Cetbix TISAX® Evaluation

Information security is becoming more and more important in the automotive sector as a result of connected cars, autonomous driving, and new production methods. With a TISAX® evaluation, you can demonstrate to your stakeholders that you meet the strict security requirements of the ENX Association and the German Association of the Automotive Industry (VDA). We offer you complete support for your TISAX® evaluation as a TISAX® Audit Provider certified by the ENX Association. You may rely on our extensive automotive industry experience.

Your advantages of the TISAX® assessment

  • Avoidance of costly and time-consuming duplicate or multiple assessments
  • Building trust in the supply chain
  • Establishment of risk management and reduction of risks
  • Improved opportunities for contracts and orders

request demo

TISAX® at a glance

The complexity and internationality of the value chains in the automotive sector define them. The demands on a company's information security are rising at the same time as digitalization both in the final product and during production.

A comprehensive, practice-oriented standard that can be used by all businesses involved in the automotive supply chain has been developed with the help of the test and exchange standard TISAX® (Trusted Information Security Assessment Exchange). With experience, our professionals will walk you through your TISAX® examination over the phone, online, or in person. You may demonstrate to your stakeholders that you are a trustworthy source for sensitive data in fewer steps.

TISAX® Procedure

TISAX® Procedure
High-Speed Recovery
About TISAX®

The ISA (Information Security Assessment) standards list provided by the German Association of the Automotive Industry served as the foundation for the TISAX® testing and exchange mechanism, which was formed at the beginning of 2017. (VDA). Additionally, it was developed in great part in accordance with ISO/IEC 27001. The related web portal provides members of the whole value chain with a standard evaluation of their information security status and a forum for communication with partners throughout the entire automotive sector. Participation in a TISAX® process requires registration in the site.

The levels and breadth of the assessments have been established by the ENX Association, which runs the TISAX® program. In order to audit a corporation, TISAX® divides protection classes and evaluation levels into four categories. The levels are determined by the information's need for protection.

request demo

High-Speed Recovery
Procedure of your TISAX® Assessment

After initial registration, businesses seeking to join the TISAX® platform hire a reputable testing service provider to evaluate their information security. The evaluation begins with a fundamental audit on information security and includes additional optional modules like prototype protection and data protection. As a result, there is no longer a need for unique criteria from the enormous personal catalogues of the main automakers.

request demo

All VDA members and automakers including Volkswagen, BMW, and Audi now recognize and demand a TISAX® label that is issued in the ENX database following a successful audit. Select companies asking your TISAX® status can then easily receive a final report outlining the protection class attained. The TISAX® assessment's findings are reliable for three years.

High-Speed Recovery
TISAX® Assessment Level
  1. Assessment Level 1
    Standard suppliers only need to complete the ISA questionnaire and publish this self-assessment on the TISAX® platform.
  2. Assessment Level 2
    For more complex suppliers, random plausibility checks are carried out by telephone by an approved audit provider after the self-assessment.
  3. Assessment Level 2.5
    Suppliers with a very high security risk for their sensitive data are audited according to TISAX® Assessment Level 2.5 or Level 3. Assessment Level 2.5 comes into effect when on-site audits are not possible due to external circumstances (e.g. contact restrictions due to the COVID-19 pandemic). After the company's self-assessment, a remote audit will take place. The on-site audit is followed up approximately four to eight weeks later.
  4. Assessment Level 3
    Suppliers handling highly sensitive external data are audited on-site by an approved audit service provider based on their self-assessment.

request demo

Frequently asked questions about TISAX®

Frequently asked questions about TISAX®

High-Speed Recovery
TISAX® Assessment Levels

TISAX® distinguishes four assessment levels (protection requirements): normal (level 1), high (level 2) and very high (level 2.5 or level 3). The test methods and measures are determined by the defined safety requirements. In addition, the external situation determines whether level 2.5 or level 3 is applicable. For example, if an on-site inspection is not possible due to the contact restrictions of the COVID-19 pandemic, a remote audit (Level 2.5) is carried out first. If an on-site audit is possible, Assessment Level 3 applies.

request demo


High-Speed Recovery
TISAX® Scope

TISAX® is not limited to manufacturing companies, but covers the entire supply chain of the automotive industry. Your individual needs for implementing TISAX® depend on the specific requirements of your customer. If your customer does not approach you specifically or changes accepted general terms and conditions, it is advisable to wait and see whether you need a TISAX® assessment for further cooperation.

request demo


High-Speed Recovery
TISAX® vrs ISO27001

The TISAX® test catalogue was derived from the international standard ISO 27001 and uses the criteria defined there. A guideline describes how the respective requirements can be implemented, how the processes are to be ensured and which tools can be used. A significant difference between the two standards is that with TISAX® a certain level of maturity must be reached in order to receive the label.

request demo


Information Security Assessment Results according to VDA ISA 5.1 (ISO 2700x)

Information Security Assessment Results according to VDA ISA 5.1 (ISO 2700x)

Employees Involvment

All employees must be included in the scope. This can also be, for example, an employee in production who works with customer information.

request demo

Duration

The duration of your assessment will depend on the size of your company as well as the amount of travel involved in the review of your sites. Typically, for an average sized company, 2-3 days on site will be sufficient to complete the process.

request demo