More Information Security in the Automotive Industry with the TISAX® Label
With TISAX® (Trusted Information Security Assessment Exchange), the VDA (German Association of the Automotive Industry) and the ENX Association have developed a consistent quality standard for increasing information security. TISAX® regulates the assessment criteria, assessment methods and the standard for exchanging assessment information along the entire value chain of an automobile. It therefore applies to all parties involved.
As a common assessment and exchange mechanism under the sponsorship of ENX, TISAX® is considered an anchor of confidence in the automotive industry.
The TISAX® assessment is based on the VDA ISA catalog of requirements with regard to assessment criteria, assessment methods and the standard for the exchange of assessment information. The relevance of the standard and its high quality standards for information security are reflected in the fact that the VDA ISA catalog of requirements forms the basis for key aspects of the internationally recognized ISO/IEC 27001 standard.
Many automotive manufacturers now mandate the TISAX® assessment for service providers and suppliers. The TISAX® assessment must be conducted every three years. It offers additional benefits for suppliers and service providers:
- Thanks to the international, industry-wide recognition, identical assessments in quick succession can be avoided
- Significant time and cost savings, as multiple assessments are eliminated
- High level of information security within the company
- Establishment of a reliable foundation of trust with business partners
- Good reputation and high trustworthiness
- Expansion of existing and new customer relationships and market opportunities in the automotive industry
Benefit from the strengths of a TISAX® assessment and request a quotation.
TISAX® – Comprehensive Service: From Preparation to Assessment
Service providers and suppliers in the automotive industry must provide proof at regular intervals that the high demands of their customers with regard to information security are being met. The TISAX® assessment must be conducted at least every three years. To make this process easy for you, we have tailored our service specifically to your needs. Benefit from our universal approach!
TISAX® Informational Meeting
Before your TISAX® assessment is conducted, you probably have a few questions. We will be happy to offer you an initial phone consultation, where one of our experts will answer any questions you may have about the registration, the process and other relevant topics.
TISAX® Gap Analysis
Would you like to get an overview of your current status before your TISAX® assessment? With our TISAX® gap analysis, we simulate a TISAX® assessment to help you assess your chances of successfully completing the assessment. The results of the gap analysis provide you with a basis for deciding how to proceed and how much preparation you will need.
Do you have questions about scoping, individual protection requirements, options for structuring and planning the assessment, or differences between TISAX® and standards such as ISO 27001? We support you with a customized workshop of up to two days where we provide you with information about the formal aspects around TISAX®.
Our experts conduct your TISAX® assessment with great care and will address your specific requirements. From assessments of individual locations, through multi-site assessments with different scopes, to assessments of multiple sites all over the world: as an experienced and approved testing institute, we are always at your side to support you.
TISAX® Group Assessments
Do you have more than seven locations and a consistent ISMS for all of them? If so, a group assessment could be the right choice for you. Our qualified experts are at your side from the planning phase to performing the assessment.
As an alternative to a TISAX® assessment, we also offer a TISAX® consultation. In this consultation, you will work with our experts to develop a TISAX®-compliant information security management system (ISMS). We support you according to your needs – from simple coaching to comprehensive consulting.
Do you have questions or would you like more information?
The TISAX® Assessment Levels
In addition to the general process, TISAX® offers three different assessment levels.
The initial assessment begins after the assessment requirements have been reviewed and the TISAX® assessment has been assigned. After a kick-off, you complete a self-assessment, which is then submitted to our auditor for a plausibility check.
After successfully passing this plausibility check, the auditor reviews the implementation of the assessment requirements and records any findings.
Our experts will conduct the corrective action assessment if there were findings in the initial assessment. During this step, you can propose remedial measures and time frames, which will be evaluated by our auditor.
If there are findings during the initial assessment, our auditor reviews the proof of your implementation in the follow-up assessment with the help of the implementation description and implementation documents.
If you would like another location to be assessed or want to define a new assessment objective, a scope extension will be performed as an additional assessment.
The TISAX® AL2 assessment focuses on an in-depth plausibility check of your self-assessment and the verifications you provide. Therefore, the standards for a good self-assessment are high, and thoroughly prepared documents and verifications are an important component of a successful AL2 assessment.
- Based on the supporting documentation provided by you, the auditor performs a plausibility check and verifies your compliance with the requirements.
- After the successful completion, you receive the technical and organizational information to prepare for the remote assessment.
- Each site-specific remote assessment is carried out by phone by thoroughly interviewing different departments (four to six hours).
- No travel expenses
- Fast, efficient completion if well-prepared
- Fewer resources and less time
- Reduced assessment costs
- No possibility of a later upgrade to a higher TISAX® assessment level
- Preparation itself is more time-consuming and resource-intensive compared to AL2.5 or AL3
- Generally, it is necessary to abort the assessment if the plausibility check cannot be completed
- Exchange on an interpersonal level is more difficult than with AL2.5 or AL3
In addition to an initial self-assessment, an in-depth phone assessment is an integral part of this assessment. In contrast to the AL2 assessment, the self-assessment does not necessarily have to be completed successfully, as the auditor will go over the controls in-depth in a phone interview. The interview lasts several days.
The thorough plausibility check and review of controls allow for simple scope extensions. This also allows a later upgrade to an AL3 assessment level of your TISAX® assessment if an on-site visit is not possible due to COVID-19.
- Plausibility check of your self-assessment and your verifications by our auditor.
- After the successful completion, you receive all necessary information to prepare for the remote assessment.
- The remote assessment is conducted by phone and will be spread over several days based on your individual needs. During the 16- to 20-hour assessment step, the auditor will interview various departments.
- Possibility of an AL2.5 expansion assessment via scope extension.
- Possibility of a later upgrade to a higher TISAX® assessment level
- Preparation of the assessment is less time-consuming
- Possibility to provide additional information during the assessment at short notice
- Reduced travel and accommodation costs
- In case of deficiencies in the plausibility check, the assessment can still be continued
- More time-consuming than AL2 assessment
- Higher assessment costs compared to AL2 assessment
- Less exchange on an interpersonal or personal level
The AL3 assessment focuses on an on-site interview, an on-site assessment, and a thorough self-assessment. This helps to ensure high quality standards.
- Your prepared self-assessment and verifications are checked for plausibility and for compliance with the requirements.
- Feedback is provided and, after successful completion, the further course of action is agreed upon.
- The auditor spends at least two days at your site for interviews with departments as well as for a review and evaluation of various aspects of the assessment.
- On-site inspection of your location to check the physical conditions.
- Less time required for preparing the assessment
- Easy later upgrade to very high protection requirements or prototypes
- Possibility to provide additional information during the assessment at short notice
- No termination of the assessment in case of problems with the plausibility check, thanks to direct interpersonal exchange on site
- More time required and higher costs due to in-depth and thorough assessment and consultation
- Travel and accommodation costs
Save time and costs by properly preparing your request for a quotation. Request your TISAX® assessment in a few easy steps with the help of our checklist.
We are Your Reliable TISAX® Partner
As an independent partner and one of the first TISAX® assessment providers, we use our expertise to support and advise you in defining your assessment objectives and assessment levels as well as in complying with the high information security requirements in your company.
Since 2017, our IT security and data protection specialists have been working with companies to find the right technical and organizational solutions and help them implement suitable measures that sustainably increase their level of protection.
As an internationally operating company, we are able to involve qualified experts for both consulting and TISAX® assessments, thus providing added value from understanding cultural aspects to optimizing assessment approaches.
FAQ: Frequently Asked Questions about TISAX®
Our experts have compiled some frequently asked questions about TISAX® and the relevant terminology for you.