TISAX® – Information Security in the Automotive Industry
In an increasingly digitalised business world, threats such as ransomware, industrial espionage and the uncontrolled leakage of sensitive information pose considerable risks. Protecting confidential data – especially development and prototype information – is therefore of paramount importance for companies in the automotive industry.
The TISAX® assessment is a standardised, industry-wide audit procedure for evaluating the information security of suppliers and service providers. It is based on the VDA ISA catalogue, which is aligned with the requirements of ISO/IEC 27001. The audit is carried out every three years.
The focus is on:
Confidentiality, integrity and availability of information
The secure handling of personal data
The protection of prototypes and development data
Through the TISAX® assessment, companies demonstrate to their partners that they have implemented effective measures to protect sensitive data. This creates trust and improves market opportunities – and is a basic requirement for cooperation with many original equipment manufacturers (OEMs).
Benefits of Certification
Competitive Advantage
Recognised security certification facilitates access to new markets and strengthens the confidence of OEMs and business partners.
Customer Loyalty
A robust ISMS builds trust, strengthens long-term customer relationships and specifically meets the requirements of the automotive industry.
Compliance
You document the implementation of information security and data protection in a manner that is traceable and compliant with industry standards and legislation.
Stakeholder Dialogue
The connection to an established partner network facilitates communication with OEMs, auditors and other certified companies worldwide.
Profitability
An assessment procedure that is accepted by many partners reduces the effort required for multiple audits and saves resources.
Facts and information
The TISAX® assessment is based on the audit criteria of the ENX Association (European Network Exchange). It can be carried out either remotely or on site, depending on the assessment level.
The TISAX® process begins with your registration on the ENX Association website. You then select a TISAX® service provider, such as AFNOR, to carry out the assessment.
The first step in the assessment process is a kick-off meeting to explain the procedure. You then complete a self-assessment (Assessment Level 1 – AL1). This will be reviewed during the audit.
Depending on the agreed assessment level, the following steps will be taken:
AL2: Document review by the auditor
AL3: In addition to the document review, an on-site audit will be conducted
Corrective measures will be taken by the participant
After the audit, the assessment will be finalised by the TISAX® service provider's technical staff. The result will then be published on the ENX portal.
As a rule, your business partner (e.g. a car manufacturer or Tier 1 supplier) determines the required assessment level. This is based on the type of information you are to process on behalf of your partner. Alternatively, you can decide for yourself which security level you would like to have externally certified.
GUTcert was a competent, fair and reliable partner at all times during the certification of our ISMS according to ISO 27001 and accompanied us with valuable tips and recommendations on the way from the pre-audit through Stage 1 to the successful certification audit.
Mario Konietzny, Stadtwerke Lutherstadt Eisleben GmbH
The audit process with GUTcert was very smooth, and the professionalism of the auditor was outstanding. Our auditor was very helpful with his insights and comments on our ISMS and I would like to forward to you our management’s appreciation for his excellent work.
Peter Mansour, IDEALworks GmbH
GUTcert guided us through the certification process in a swift and focussed manner. They always responded quickly and professionally to enquiries. As a result, our initial certification also ran smoothly.