As the automotive industry continues to digitize, the need for secure and robust information security management grows larger and larger. TISAX (Trusted Information Security Assessment Exchange) enables automotive suppliers to meet a set of requirements that signal to their customers that they follow the highest standards of data protection. TISAX certification is required to do business with all major German automotive manufacturers.
As technology becomes increasingly integral to vehicle operation, incredible amounts of data area created, transferred, and store by automotive manufacturers and suppliers during all steps of the vehicles life cycle. From design to prototyping to testing to production and operation.
In 2017, VDA (German Association of the Automotive Industry – Verband der Automobilindustrie) developed TISAX – a platform that functions as an assessment and exchange mechanism manufacturers and suppliers. The platform includes an onlien component which allows companies to share their ISA results online, verify their assessments, and share information.
The Benefits of TISAX
- Prevent Cyber Attacks and IT Breaches through implementation of a TISAX-compliant system
- Gain Customer Confidence Through Comprehensive Data Management & Protection
- Identify Risks Through Value-Added Assessments that Test Your Information Technology & Security Systems
- Time and cost savings due to a standardization of assessment criteria
- Re-assurance in assessed companies
Companies applying for TISAX compliance can choose between three different levels of assessment.
- Level 1: Suppliers must fill out the ISA self-assessment and post it to the TISAX system.
- Level 2: For complex suppliers.Includes self-assessment followed by random checks from an approved auditor.
- Level 3: For suppliers handling high-sensitive data. Includes on-site inspection from an approved auditor based on self-assessment.
The TISAX Assessment Process
- Step 1 – Assessment Level Classification – Clients assign an assessment level to suppliers based on the amount and sensitivity of data that they will be processing.
- Step 2 – Registering with ENX – The supplier will register with ENX.
- Step 3 – Assessment – An approved auditor performs an assessment based on the assessment level.
- Step 4 – Reporting – The supplier receives a report from the approved auditor regarding the assessment.
- Step 5 – Deficiency Correction – The supplier corrects any deficiencies found by the auditor.
- Step 6 – Submitting Reporting – The completed report is uploaded to the TISAX exchange platform where registered companies can access the results submitted by the supplier.