TISAX^®, which stands for Trusted Information Security Assessment Exchange, is a label that represents an information security standard designed specifically for the automotive industry.

Originally initiated by the German Association of the Automotive Industry (VDA), the standard has since become established throughout Europe. Since 2000, TISAX^® has been a registered trademark of the ENX Association, the association of the European automotive industry.

TISAX^® is based on ISO 27001 but tailored to the requirements of the automotive industry. ISO 27001 is the international standard for information security management systems, providing guidelines for protecting information assets. Requirements for the assessment on TISAX^® additionally apply to the protection of prototypes and data privacy.

It's important to note that the complexity of the requirements directly influences the preparation effort. Therefore, the question of costs cannot be answered with a one-size-fits-all approach.

To determine the cost of the certification on TISAX^®, various factors need to be considered: What assessment level on TISAX^® does a company aim to achieve? Is an Information Security Management System (ISMS) already in place, and does it meet the requirements of ISO 27001? This assessment helps determine how much groundwork is needed before you can start the implementation process.

Identify gaps and kickoff TISAX^® implementation
Begin by familiarising yourself with the TISAX^® framework. Conduct a gap analysis to identify areas where improvements are needed to meet the requirements. Work with our certified information security experts to build a customised TISAX^® implementation plan. This plan also defines the scope of your Information Security Management System (ISMS).

Build your ISMS
ISMS is a comprehensive set of policies, processes, procedures, and controls designed to improve your organisation's information security practices.

Identify and mitigate risks
Information security risks stem from various organisational sources, including people, infrastructure, physical security, and third-party relationships. So, you start with brainstorming hypothetical scenarios to identify the various information security risks your organisation is exposed to. Assess their impact from a financial, reputational, legal, and operational point of view. Afterwards, you can implement technical or procedural measures to mitigate and manage the identified risks.

Protect information assets
Identify and document all information assets in your organisation, like hardware, data, and personnel. Categorise them based on criticality and value to determine appropriate security controls. Define ownership and assign responsibilities for asset management and protection.

Pass your audit on TISAX^®
In the external audit, an accredited auditor assesses all aspects of your organisation’s ISMS to verify the level of compliance with TISAX^®. DataGuard experts help you conduct a thorough internal audit, maximising your chances of external audit success.

The real journey begins: Maintaining your ISMS
Evolving security threats and changes to the organisational infrastructure constantly create new risks. To ensure continued compliance with TISAX^®, you need to regularly review and update your ISMS. This includes risk assessments, internal audits, and employee training.

To stay certified, your organisation must pass a re-audit every 3 years. Continually improve your ISMS as your business grows and matures. Show your commitment to information security with certification on TISAX^® and win more deals.

Certification on TISAX^® is not legally required. Companies cannot be required to implement management systems that fulfil the requirements for the assessment on TISAX^®.

However, in practice, certification on TISAX^® is indispensable for all companies aiming to operate as suppliers or partners for automotive manufacturers. Without certification on TISAX^®, cooperation with major OEMs (Original Equipment Manufacturers) will become increasingly challenging in the future.

TISAX^® works with three different levels of protection - Assessment Levels 1, 2, and 3 of compliance to TISAX^®. To obtain a Level 1 of compliance to TISAX^®, a self-assessment is sufficient, which is processed through the handbook for the certification on TISAX^®.

TISAX^® has been a registered trademark of the European Automotive Industry Association, the ENX Association, since 2000. The ENX Association is entrusted with the assessment on TISAX^®. The procedure is based on an ISA questionnaire of the Association of the German Automotive Industry VDA (VDA-ISA). ISA stands for Information Security Assessment.

Starting with the audit for Level 2 of compliance to TISAX^®, an audit service provider accredited by the ENX Association intervenes to view the self-disclosure, perform a plausibility check or audit the management system on site.

TISAX^® is the internationally recognised standard for auditing information security and prototype protection in the automotive industry.

Certification on TISAX^® must be renewed every three years. Therefore, not only the certification but especially the maintenance of the ISMS is an ongoing process. Continuous checks and updates of the ISMS are the best prerequisite for renewed certification.

An Information Security Management System (ISMS) is a framework of policies and procedures designed to reduce the impact of security breaches. It is also the foundation and outcome of implementing the ISO 27001 standard.

The prerequisite for the assessment on TISAX^® is an active information security management system (ISMS). TISAX^® bases its ISMS on the requirements of ISO 27001. We assess whether your ISMS meets these requirements and identify areas for potential improvement. This systematic approach ensures that your company is well-prepared for the assessment on TISAX^®.

TISAX^® has eight different test objectives and three different assessment levels. Depending on the desired label, the spectrum ranges from simple self-assessment to remote audits and on-site live assessments. No matter which audit objectives and which assessment level you have to fulfil: we systematically and effectively prepare you for success.

Depending on the complexity and scope of the assessment on TISAX^®, it can take three months to a year before companies are ready for auditing. Depending on the assessment level, the TISAX^® management system covers all areas and processes of a company without exception. Therefore, in preparation for the audit, all processes, routines, and departments must be analysed and, depending on the initial situation, optimised.

DataGuard provides everything you need to set up your company in a legally compliant manner. We combine data protection, information security and compliance by merging technology, expertise and integrated tools.

Our holistic and scalable solution was developed by our compliance experts and is suitable for everyone. Regardless of your industry, company size, or skill level, we help you mitigate risk by protecting your organisation's most valuable information.

Our experts proactively advise your team without legal jargon, so compliance and security align with your business plans and growth objectives.