Open Menu
Menu
TISAX

TISAX

TISAX® (Trusted Information Security Assessment Exchange) is an industry-specific exchange mechanism of results from information security assessments in the automotive industry. These assessments are based on the VDA-ISA test catalog, which includes information security controls for information security (based on ISO 27001), prototypes, and data protection.

With a TISAX® assessment, you demonstrate the maturity of your information security management system (ISMS) according to your customer requirements. This can be done at different assessment levels and the additional requirements for prototype and data protection of your customers. As proof of the maturity of your information security management system, you are issued so-called test labels that you can share with your business partners.

How important is TISAX® for suppliers?

Suppliers and service providers in the automotive sector often process extremely sensitive information from their clients and are therefore required to provide regular evidence that they meet information security requirements. 
Until now, the audit was usually carried out by the manufacturers themselves based on the Information Security Assessment (ISA) requirements catalog. This often resulted in numerous companies having to undergo the same audit several times - for each client. With TISAX®, this additional effort can be reduced, because by releasing the results on the platform, companies can signal that their information security is TISAX®-compliant. For suppliers, a TISAX® label represents the entry ticket into the automotive industry and is obligatory for cooperation with OEMs.

Relationship between TISAX and IATF 16949

  • IATF 16949 is a Quality Management system that includes customer-specific requirement
  • VDA – members including BMW, Volkswagen Audi Group, and Daimler – has developed the Trusted Information Security Assessment Exchange (TISAX) label.
  • The TISAX label is recommended by the VDA and it is mandatory to do business with certain VDA members.
  • ISO/IEC 27001 focuses on the organization’s information security
  • TISAX emphasizes the security of third-party information within the organization’s ISMS.

TISAX® assessment levels

There are 3 TISAX® assessment levels, as described below. You will select the appropriate level at the registration stage.

  • AL 1: Self-assessment by the auditee. Assessment of existing self-declaration of the auditee
  • AL 2: Plausibility check of self-assessment restricted to the evaluation of evidence and an expert interview
  • AL 3: Full assessment including evaluation of evidence, on-site inspection, and expert interviews

How to implement TISAX

  • 1st step - Preparation
    Anyone interested in TISAX certification needs to register as a TISAX participant on the TISAX portal
  • 2nd step - Self-assessment
    No matter which assessment level an organization chooses to comply with, the first step to a TISAX certification is the self-assessment questionnaire
  • 3rd step - Audit
    For levels 2 and 3, the organization needs an approved auditor to conduct a remote plausibility check or on-site assessment visit
  • 4th step - Optimization
    After the audit, the auditor will draw attention to any findings that need to be addressed, and an action plan will need to be put together by the organization. After further action by the organization and checks by the auditor, the assessment will be completed.
  • 5th step - Results
    The auditor will upload the organization’s TISAX report onto the designated platform. The organization can then decide who the results can be accessed by and to what extent. Results are not publicly available.

A TISAX certification is valid for 3 years, after which the process must be repeated.

TISAX assessments use the VDA ISA requirements catalog, which refers to the information security controls of ISO/IEC 27001 in Annex A.

The VDA ISA catalog comprises the key aspects and criteria of ISO/IEC 27001 and additional criteria, classified into three domains: 

  • Information Security Assessment - based on ISO/IEC 27001 Annex A 
  • Prototype protection requirements 
  • Data protection (concerning Article 28 of GDPR)

Service Portfolio

Training

We’ll train you on how to implement and audit TISAX, so you’re confident and ready to obtain your TISAX labels. 

Free Webinar

  • Introduction course, 1 day
  • Implementation course, 2 days
  • Internal auditor course, 2 days.

Certification

  • TISAX assessment

For any queries or further information related to our services, please feel free to contact us at info@qacamail.com or call us at +919599619392. We are here to assist you!

Enquire Now

Captcha:

Captcha
Reload
  • Phone Icon +91-9599619392
  • Gmail Icon info@qacamail.com
  • WhatsApp Icon +91-9599619392