
TISAX
Trusted Information Security Assessment Exchange for the automotive industry
Overview
TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for information security in the automotive industry, established by the German Association of the Automotive Industry (VDA).
TISAX provides a standardized approach to information security assessments based on the VDA Information Security Assessment (ISA) catalog, which is derived from the ISO/IEC 27001 standard but tailored specifically for the automotive industry.
The primary goal of TISAX is to ensure mutual recognition of information security assessments among participants in the automotive industry, reducing redundant assessments and establishing a common security level across the supply chain.
Key Requirements
- Information security management system implementation
- Protection of prototype parts and information
- Data protection in accordance with GDPR requirements
- Connected product security for connected vehicles and components
- Third-party connections and cloud security controls
- Security incident management and business continuity

- Governing Body: ENX Association (on behalf of VDA)
- Based On: VDA ISA Catalog (derived from ISO 27001)
- Assessment Levels: AL1 (Self-assessment), AL2 (Verified self-assessment), AL3 (Assessment)
- Validity Period: 3 years
- Assessment Scope: Information Security, Prototype Protection, Data Protection

- Automotive manufacturers (OEMs)
- Tier 1, 2, and 3 automotive suppliers
- Service providers to the automotive industry
- Engineering and design partners
- Marketing and event agencies handling prototype information
- Any organization exchanging sensitive information with automotive partners
TISAX Readiness Assessment
Comprehensive evaluation of your current security posture against TISAX requirements to identify gaps and develop a remediation plan.
TISAX Implementation Support
Hands-on assistance with implementing the necessary controls and processes to meet TISAX requirements, including prototype protection measures.
Documentation Development
Creation of comprehensive policies, procedures, and other documentation required for TISAX assessment.
Pre-Assessment Preparation
Thorough preparation for your TISAX assessment, including documentation review, gap analysis, and mock assessments.
Assessment Support
Expert guidance and support during the TISAX assessment process, including assistance with addressing findings and implementing corrective actions.
Continuous Compliance Support
Ongoing support to maintain TISAX compliance through regular reviews, updates, and continuous improvement initiatives.