Information security in the automotive industry
Mutual recognition among all TISAX® participants
Suppliers and service providers: greater trust in your audited company
The examination for TISAX® certification takes place only every 3 years
Saving of time and costs by participating in the TISAX® network
Basic information about the TISAX® assessment
In addition, the responsible bodies at the German Association of the Automotive Industry (VDA) have created the conditions for establishing the joint testing and exchange mechanism under the name TISAX® (Trusted Information Security Assessment eXchange). TISAX® is a registered trademark of the ENX Association. The association of European automotive manufacturers, automotive suppliers and automotive associations monitors the quality of TISAX® assessments and controls the approval of TISAX® test service providers.
Why is a TISAX® assessment useful for your company?
- Duplicate and multiple assessments by different customers can be avoided
- Cross-company recognition of information security assessments for TISAX® participants
- Reliability of results through the harmonized VDA ISA test catalog
- Strengthening of trust in audited companies with TISAX® label
What are the requirements of TISAX®?
The industry-specific VDA ISA catalog has been available in version 5.0 since July 2020. This version has been mandatory for all TISAX® audits since October 2020. The requirements from the international and cross-industry standard for information security ISO 27001, in turn, contribute among other things to companies looking beyond the protection of IT technical systems - namely to all corporate assets to be protected.
How does TISAX® work?
A company can also take on both participant roles. Anyone wishing to participate in TISAX® as an Information Contributor must take the following four main steps:
- 1. register online at www.enx.com/TISAX
- 2. selection of an ENX-approved testing service provider such as DQS
- 3. TISAX® assessment
- 4. exchange of the audit results on the TISAX® online platform.
How does a TISAX® Assessment work?
The requirements of the scope and the assessment level must be defined by you in advance, for example "with or without prototype protection".
As a TISAX® participant, you must first register online, after which the scope ID is assigned by ENX (annual service fee).
In the first step, you select an approved testing service provider. In the second step, there is a kick-off, the document review (self-assessment, not on-site) and a subsequent assessment (Level 2: not on-site, Level 3: on-site).
The findings from the audit are recorded in an interim report. In the event of deviations, measures to be implemented are agreed. If necessary, the implementation of measures is determined within an agreed period of time.
After closing the deviations, an effectiveness check is carried out by means of an audit.
The final report is posted online in the TISAX® portal. This lists your company as a participant with the corresponding audit label.
What does the TISAX® assessment cost?
The protection goals, for example, are about whether you want to include topics such as prototype protection or data protection in the assessment. If you want to get involved in the TISAX® procedure, talk to DQS, your approved inspection service provider, as early as possible. This is the only way we can determine the right calculation for the scope of testing and provide you with a reliable quote for the costs of your TISAX® certification.
What you can expect from us
- More than 35 years of experience in the certification of management systems and processes
- Certificates with international acceptance
- Personal, smooth support from our specialists - regionally, nationally and internationally
- Individual offers with flexible contract terms and no hidden costs