CARA-dqs-automation concept with 3D rendering robot on a car factory assembly line

TISAX and the Culture of Continuous Information Security at OEMs

Sandeep Pauddar

Sandeep Pauddar, Global Program Director of IT Sector Audits, has over 25 years of work experience. His recent experience includes GRC management, internal and external audit experience, and project management.
Aug 27 , 2025

As of 2025, all TISAX® assessments are conducted under the Version 6.0 framework, marking a pivotal shift in how information security is evaluated within the automotive supply chain. For suppliers seeking to qualify or remain qualified with major Original Equipment Manufacturer (OEM, compliance is non-negotiable. OEMs like Honda, Hyuandai, and Daimler Trucks have specified it is a necessity for any-tier supplier.

Beyond the instructions to implement information security up and down the global automotive supply chain, there is also a change to how security assurance is measured continuously. Specifically, earlier versions of TISAX® could be addressed through project-based certification efforts. Today TISAX® 6.0 demands a deeper transformation, suggesting a move toward continuous security assurance rooted in leadership, embedded in process, and visible in daily decision-making.

From Audit Preparation to Security-First Culture

The TISAX® framework has long served as the industry benchmark for verifying automotive supplier security posture.

Version 6.0 takes a more granular and dynamic approach.

With updated labels for confidentiality, integrity, and availability, expanded GDPR readiness, and required controls for operational technology (OT), the new catalog reflects the landscape of an OEM where trust and transparency are now prerequisites for partnership.

As I recently shared in a live information session: If your TISAX® scope includes personal data or production systems, these changes will significantly impact your documentation and technical safeguards.

The implication? Security can’t live in a silo. It must be woven into the every function from engineering to procurement to HR, to protect sensitive information.

people in a car driving down the road happily

A Familiar Path: Echoes of the Quality Movement

If this shift feels monumental, and it is—but not unfamiliar. In many ways, the transition mirrors the journey that suppliers underwent when Total Quality Management took root across manufacturing sectors.

What began as a top-down initiative to pass audits eventually became a shared language of excellence. Metrics, ownership, accountability, and cross-functional buy-in reshaped how quality management was delivered and sustained. Information security now stands at the same threshold.

Where previous TISAX® assessments could be handled reactively—driven by audit cycles or OEM requests—TISAX® 6.0 pushes organizations toward proactive alignment. It asks:

  • Is security factored into every new process or product?
  • Are employees aware of evolving data responsibilities?
  • Is incident response simulated, not just documented?
  • Does leadership visibly support a culture of digital trust?

OEM Expectations Have Evolved

Global OEMs such as Honda, Hyundai, and Daimler Trucks are not waiting for suppliers to catch up. Their expectations are increasing, quietly but firmly, around how suppliers demonstrate cyber resilience.

We are seeing:

  • A shift from checkbox audits to risk-specific evaluations
  • Greater scrutiny of personal data and privacy governance
  • Tighter integration of OT security in supplier assessments

In this environment, a TISAX® label is not just a credential—it’s a signal of partnership readiness. Suppliers who treat security as an ongoing commitment rather than an episodic project will be better positioned to retain and grow OEM relationships.

What Culture-Driven TISAX® Compliance Looks Like

Embedding information security as a core value means rethinking how your teams operate. Consider these hallmarks of a mature security culture:

ElementReactive ApproachCulture-Driven Approach
TrainingAnnual awareness sessionContinuous role-based training
DocumentationStatic policies stored centrallyLiving documentation accessible to all
Leadership InvolvementDelegated to IT or ComplianceSenior leadership models secure behavior
Incident ManagementAd-hoc response planningRegular simulations and post-mortems
Supplier & Partner EngagementBasic contract clausesShared standards and audit collaboration
vda-isa-5.1-dqs-electric car with AI artificial intelligence using 3D modeling technology of visuali

Since TISAX® 6.0, Security Became a Whole Discipline.

The release of TISAX® Version 6.0 is more than a technical update—it’s a cultural call to action. OEMs want to work with suppliers who treat information security not just as a requirement, but as a shared responsibility and competitive advantage.

If your organization is still treating TISAX® as a project with a start and end date, now is the time to reassess. Security, like quality, must be continuous, cross-functional, and championed from the top.

Ready to Deepen Your Understanding?

Every supplier’s journey is different. Let’s talk about yours.

Start a con­ver­sa­tion

This article was independently written by DQS and is not affiliated with or endorsed by Honda Motor Co., Ltd., Hyundai Motor Company, Daimler Trucks North America, or any other OEM.

Author

Sandeep Pauddar

  • Sandeep Pauddar led DQS Inc.' ANAB accreditation in ISO 17021-1 
  • ISO27001 Lead Auditor registration with PECB for ISO27001 standard
  • Data Protection Officer registration with PECB
  • PMP and ITIL certifications
  • Governance, Risk & Compliance (GRC) Professional
  • Performed GDPR/ CCPA Assessments

You Might Also Enjoy These Reads

Discover more articles that dive deep into related themes and ideas.
Blog

What the latest IATF updates reveal about audit expectations

Read more
Blog

Opening Doors: How IATF Certification Helps Tier 2 & 3 Suppliers Win New Business

Read more
Blog

How the New TISAX® Rules Empower Automotive Suppliers

Read more