Testing service provider DQS undergoes TISAX® assessment

With the completed assessment, DQS documents in the TISAX exchange platform of ENX the extent to which its own information security management system (ISMS) meets the high requirements of the automotive industry for its service providers. The implementation of the assessment was confirmed by a corresponding document from ENX (see illustration).

"As an assessment service provider for TISAX^®, we gain access to highly sensitive information of our customers in every assessment we carry out. We have therefore decided to set a strong trust signal for our automotive customers - and to align our ISMS with the strict requirements of TISAX^®," explains Christian Gerling, Managing Director of DQS GmbH. "While we have maintained an ISMS for many years already, we are very pleased with the official result, which any interested party can view on the TISAX^® exchange platform. We see this as confirmation of our expertise, underpinning our reputation as a competent service provider in automotive information security."

Information security in the automotive industry

The automotive industry places high demands on information security in the supply chain. For a long time, however, there was no uniform basis for testing. At the end of 2017, the ENX Association, a consortium of automotive manufacturers, suppliers and international automotive associations, therefore launched TISAX^® (Trusted Information Security Assessment eXchange), a globally standardized assessment and exchange process for the automotive industry. The assessment enables suppliers to prove to their OEMs that they have a robust ISMS. The TISAX^® requirements also apply to external audit service providers.

Role of the auditee opens up new perspectives

For this reason, DQS decided to have itself explicitly assessed in accordance with TISAX^®. As DQS already had a robust ISMS in place, the auditing process was significantly streamlined and completed in just six months. The many years of experience as a certifier made the process even easier.

Taking on the unfamiliar role of auditee proved to be valuable input for the future. "The TISAX^® assessment was worthwhile in more ways than one. In addition to the positive effects on our ISMS, we as an audit service provider have gained some valuable impulses for our own audits," says Christian Gerling, who is also responsible for the "Center of Excellence Information & Data Security" of the international DQS offices. "And that's exactly what an audit should do: it should raise awareness of less obvious aspects - and open our eyes to new perspectives. It is therefore also beneficial for us as auditors to get to know the perspective of the auditee. This approach of constant willingness to learn is one of the greatest strengths of DQS - and is one reason why we have been one of the thought leaders in the field of certified information security for many years."

TISAX^® assessments and VCS audits with DQS

DQS has been conducting TISAX^® assessments since 2018, making it one of the world's most experienced audit providers. After registering as a participant on the ENX portal, companies can commission ENX-approved audit service providers such as DQS to carry out a TISAX^® assessment for their ISMS.

The same applies to the VCS Audit product offered by DQS since June 2024 for the assessment of a CSMS in accordance with the requirements of ISO/SAE 21434. Here, too, participant registration on the ENX portal is a prerequisite.  The experienced experts at DQS are always on hand to support companies on their way to successful auditing for TISAX^® and VCS.

TISAX® assessment document from ENX for DQS