Since 2022, the new VDA ISA catalog 5.1 has applied to all new TISAX® assessments. According to the VDA, there have only been minor changes to version 5.0. Work with the new TISAX® 5.1 test catalog is to be further simplified and made more efficient - for users and testers alike.  Read more now.


VDA ISA 5.1 - Major changes from the 5.0 version

Most of the changes in the VDA Information Security Assessment (ISA) catalog 5.1 have been made to the "Information Security" module. According to the change history in the VDA ISA Catalog 5.1, the following changes and adjustments have now been added:

  • Elimination of ambiguities, correction of spelling errors and expressions, linguistic clarification
  • Restructuring of spreadsheet "Welcome", definition of spreadsheets moved to "Definitions"
  • Addition of protection goals regarding requirements for high and very high protection needs in the "Information Security" spreadsheet
  • Removal of the "Addressed protection goals" column in the "Information Security" and "Prototype Protection" spreadsheets
  • Contents of the "Usual process owner" column in the "Information security" and "Prototype protection" spreadsheets cleared out   

As early as version TISAX® 5.0, the contents of the "Third-party connection" module, including test targets, were integrated into the "Information security" module. The following three modules continue to exist: 

  • Information Security
  • Data protection
  • Prototype protection

The term "third party connection" described the situation in which a TISAX® user has its own location on the premises of a partner and may access (via direct network connections) the partner's systems.


TISAX®: Good planning for successful assessments

Are you faced with the task of meeting automotive industry requirements in terms of information security? Then you should make some important decisions in advance of a TISAX® assessment. Our free White Paper provides guidance.

What are the deadlines for users?

As of now, version VDA 5.1 applies. For organizations that use or have introduced TISAX® , the publication of version 5.1 results in the following situation:

Since 2022, the new version 5.1 has been applied to all new TISAX® assessments. For all assessments assigned up to the aforementioned date, version 5.0 was still applied until March 31, 2021 (last audit day).

TISAX® - Information security in the automotive industry

For suppliers or service providers in the automotive
supply chain ★ Proof of information security ★ Recognized by all participants in the TISAX network

More information about TISAX®

TISAX® 5.1 - Background information

TISAX® is based on the VDA ISA catalog developed by the German Association of the Automotive Industry (VDA), a comprehensive questionnaire that is essentially based on the so-called "controls", the reference measures from Annex A of the information security standard ISO 27001, and adapted to automotive-specific concerns.

In the meantime, ISO 27001 has been revised and republished on October 25, 2022. The revision mainly applies to Annex A. However, TISAX® 5.1 still refers to the old version of Annex A of ISO 27001:2017. A corresponding adaptation to the new controls is expected for the next version of the catalog.


TISAX® - How to start the assessment well prepared

Are you faced with the task of meeting automotive industry requirements in terms of information security? Then you should make some important decisions in advance of a TISAX® assessment. Our free White Paper provides guidance. 

TISAX® is primarily aimed at companies that want or need to demonstrate a certain level (Level 1 to 3) of information security in order to work with a (participating) automotive manufacturer. The ENX Association, based in Frankfurt am Main and Paris, is entrusted with the implementation and monitoring of the procedure. ENX is an association of European automotive manufacturers, suppliers and four national automotive associations, including the German ENX founder VDA.

DQS - The right partner from the start

DQS is approved as an audit service provider by ENX and can therefore perform TISAX® assessments worldwide. All our TISAX® auditors are also approved auditors for the international standard ISO 27001, which means that both standards can be assessed by DQS at the same time and with less additional effort. We look forward to talking to you.

dqs-question-answer-question mark on wooden cubes on table


Do you have any questions?
Find out more. Without obligation and free of charge, we will gladly show you the procedure.

Access to TISAX® is gained by registering as a participant online on the ENX® portal. This is the prerequisite for being able to commission an approved audit service provider such as DQS.

Holger Schmeken

Product manager and expert for information security and software development. Holger Schmeken also contributes his expertise as an auditor for ISO 27001 with KRITIS audit procedure competence