Since 2022, the new VDA ISA catalog 5.1 has applied to all new TISAX® assessments. According to the VDA, there have only been minor changes to version 5.0. Work with the new TISAX® 5.1 test catalog is to be further simplified and made more efficient - for users and testers alike.  Read more now.


VDA ISA 5.1 - Major changes from the 5.0 version

Most of the changes in the VDA Information Security Assessment (ISA) catalog 5.1 have been made to the "Information Security" module. According to the change history in the VDA ISA Catalog 5.1, the following changes and adjustments have now been added:

  • Elimination of ambiguities, correction of spelling errors and expressions, linguistic clarification
  • Restructuring of spreadsheet "Welcome", definition of spreadsheets moved to "Definitions"
  • Addition of protection goals regarding requirements for high and very high protection needs in the "Information Security" spreadsheet
  • Removal of the "Addressed protection goals" column in the "Information Security" and "Prototype Protection" spreadsheets
  • Contents of the "Usual process owner" column in the "Information security" and "Prototype protection" spreadsheets cleared out   

As early as version TISAX® 5.0, the contents of the "Third-party connection" module, including test targets, were integrated into the "Information security" module. The following three modules continue to exist: 

  • Information Security
  • Data protection
  • Prototype protection

The term "third party connection" described the situation in which a TISAX® user has its own location on the premises of a partner and may access (via direct network connections) the partner's systems.


TISAX®: Good planning for successful assessments

Are you faced with the task of meeting automotive industry requirements in terms of information security? Then you should make some important decisions in advance of a TISAX® assessment. Our free White Paper provides guidance.

What are the deadlines for users?

As of now, version VDA 5.1 applies. For organizations that use or have introduced TISAX® , the publication of version 5.1 results in the following situation:
Since 2022, the new version 5.1 has been applied to all new TISAX® assessments. For all assessments assigned up to the aforementioned date, version 5.0 was still applied until March 31, 2021 (last audit day).

TISAX® - Information security in the automotive industry

For suppliers or service providers in the automotivesupply chain ★ Proof of information security ★ Recognized by all participants in the TISAX network

More in­form­a­tion about TISAX®

TISAX® 5.1 - Background information

TISAX® is based on the VDA ISA catalog developed by the German Association of the Automotive Industry (VDA), a comprehensive questionnaire that is essentially based on the so-called "controls", the reference measures from Annex A of the information security standard ISO 27001, and adapted to automotive-specific concerns.

In the meantime, ISO 27001 has been revised and republished on October 25, 2022. The revision mainly applies to Annex A. However, TISAX® 5.1 still refers to the old version of Annex A of ISO 27001:2017. A corresponding adaptation to the new controls is expected for the next version of the catalog.

ISO 27001 - Information Security Management System

Holistic management system according to ISO standard ★ Effective implementation of a risk management process ★ Continuous improvement of the security level

More in­form­a­tion about ISO 27001

TISAX® is primarily aimed at companies that want or need to demonstrate a certain level (Level 1 to 3) of information security in order to work with a (participating) automotive manufacturer. The ENX Association, based in Frankfurt am Main and Paris, is entrusted with the implementation and monitoring of the procedure. ENX is an association of European automotive manufacturers, suppliers and four national automotive associations, including the German ENX founder VDA.

DQS - The right partner from the start

DQS is approved as an audit service provider by ENX and can therefore perform TISAX® assessments worldwide. All our TISAX® auditors are also approved auditors for the international standard ISO 27001, which means that both standards can be assessed by DQS at the same time and with less additional effort. We look forward to talking to you.

fragen-antwort-dqs-fragezeichen auf wuerfeln aus holz auf tisch


Do you have any questions? Find out more. Without obligation and free of charge, we will gladly show you the procedure.

Access to TISAX® is gained by registering as a participant online on the TISAX® portal. This is the prerequisite for being able to commission an approved audit service provider such as DQS.

Holger Schmeken

Product manager and expert for information security and software development. Holger Schmeken also contributes his expertise as an auditor for ISO 27001 with KRITIS audit procedure competence.


Relevant articles and events

You may also be interested in this
AI in the Automotive Industry, Robot handing person car keys

Embracing the Era of AI in Cars: How TISAX®️ Can Assist

CARA-dqs-automation concept with 3D rendering robot on a car factory assembly line

ISA Catalog 6.0: All You Need to Know About the TISAX®️ Update

Young man sitting using a computer to analyze ESG, environment, conservation, society, governance, c

ESG in the Automotive Industry Sector