Information security in the automotive industry

Are you a supplier or service provider to the automotive industry? If yes, then your customers are looking at how critical information exchanged by your customers with you is secured.  This can be achieved through TISAX (Trusted Information Security Assessment Exchange) assessment.  The assessment result gives confidence and trusts to the customer for the security of information.

Mutual recognition among all TISAX® participants

Suppliers and service providers achieve greater trust in information security.

TISAX® certification assessment takes place only once in three years

Saves time and cost by participating in the TISAX® network

Basic information about the TISAX® assessment

TISAX® is a common assessment and exchange procedure for the automotive sector. It is based on the questionnaire (ISA - Information Security Assessment) developed by the VDA working group "Information Security", which in turn is based on key aspects of the international standard ISO/IEC 27001 which is further extended to include a maturity model.

In addition, the responsible bodies at the German Association of the Automotive Industry (VDA) have created the conditions for establishing the joint assessment and exchange mechanism under the name TISAX® (Trusted Information Security Assessment Exchange). TISAX® is a registered trademark of the ENX Association. The Association of European automotive manufacturers, automotive suppliers and automotive associations monitors the quality of TISAX® assessments and controls the approval of TISAX® audit service providers.

Show more
Show less

Why is a TISAX® assessment useful for my company?

As a service provider or supplier in the automotive industry, you need to prove to your customers that you comply with information security requirements. Until now, these assessments were primarily performed by the manufacturers themselves. Registered participants in the TISAX® network can now select an audit service provider via a common online platform and request an assessment. The advantages for companies outweigh the disadvantages:

  • Duplicate and multiple assessments by different customers can be avoided.
  • Cross-company recognition of information security assessments for TISAX® participants
  • High reliability of results due to the harmonized VDA ISA test catalog
  • Enhanced stakeholder trust with TISAX® label
Show more
Show less

What are the requirements of TISAX®?

The TISAX® assessment and exchange procedure contains the requirements of the VDA Information Security Assessments (ISA). This questionnaire on information security in the automotive industry was developed by the VDA working group. However, TISAX® is also based on essential requirements of ISO 27001 (Information Security Management System).

The industry-specific VDA ISA catalog is available in version 5.0 since July 2020. This version has been mandatory for all TISAX® audits since October 2020. The requirements from the international and cross-industry standard for information security ISO 27001, in turn, contribute among other things to companies looking beyond the protection of IT technical systems - namely to all corporate assets to be protected.

Show more
Show less

How does TISAX® work?

In TISAX®, participants can take on two different roles: the "Information Consumer" (passive), for example, is a manufacturer who would like to receive information about a vendor, and the "Information Contributor" (active), for example, is a parts supplier or service provider who would like to be audited for suitability to receive orders from manufacturers.

A company can also take on both participant roles. Anyone wishing to participate inTISAX® as an Information Contributor must take the following four main steps:

  • 1. Register online at
  • 2. Select an ENX-approved audit service provider such as DQS India
  • 3. Undergo the aTISAX® assessment
  • 4. Exchange the audit results on theTISAX® online platform.
Show more
Show less

How does a TISAX® assessment work?

The requirements of the scope and the assessment level must be defined by you in advance, for example "with or without prototype protection".

As aTISAX® participant, you must first register online, after which the scope ID is assigned by ENX (an annual service fee applies).

In the first step, you select an approved audit service provider. In the second step, there is a kick-off, the document review (self-assessment, not on-site) and a subsequent assessment (Level 2: not on-site, Level 3: on-site).

The findings from the audit are recorded in an interim report. In the event of non-conformities, measures to be implemented are agreed upon. If necessary, the implementation of measures is determined within an agreed period of time.

After closing the non-conformities, an effectiveness check is carried out by means of an audit.

The final report is posted online on theTISAX® portal. This lists your company as a participant with the corresponding audit label.


What does the TISAX® assessment cost?

Two important factors

Two important factors influence the scope of the entire assessment and thus the costs. Assessments are possible on the basis of an extended scope, a standard scope, or a restricted scope. Your decision for a scope should be well prepared and determined by the desired protection goals, but also by the size of your company.

The protection goals, for example, are about whether you want to include topics such as prototype protection or data protection in the assessment. If you want to get involved in theTISAX® procedure, talk to DQS India, your approved audit service provider, as early as possible. This is the only way we can determine the correct calculation for the assessment scope, and provide you with a reliable quote for the cost of yourTISAX® certification.

Show more
Show less

Why DQS India?

  • DQS is an approved audit service provider of the ENX Association
  • Value-adding insights into information security in your organization
  • Accreditations for all relevant regulations in the automotive industry
  • Industry-experienced auditors and experts from the field
  • DQS has a local Indian auditor available for both AL2 & AL3 levels
  • More than 35 years of experience in the certification of management systems and processes
  • Certificates with international acceptance
  • Personal, smooth support from our specialists - regionally, nationally and internationally
  • Individual offers with flexible contract terms without hidden costs
Show more
Show less

Request a quote

Your local contact

We would be happy to provide you with a customized offer for the TISAX process.

TISAX® - How to start the assessment well prepared

Register now and receive the White Paper" TISAX® - start the assessment well prepared" free of charge.

Download White Paper