What is TISAX®?

TISAX® stands for Trusted Information Security Assessment Exchange and it is becoming a requirement for proving a level of information security within the automotive supply chain.

TISAX® enables mutual acceptance of information security assessments in the automotive industry and provides a common assessment and exchange mechanism that ensures the secure sharing of sensitive information to partner companies, to inspire trust throughout the automotive supply chain.

TISAX® Oversight

The TISAX® standard was established by VDA (the German association of the automotive industry) and is operated by ENX Association.

Developed by automotive industry security experts and based on international information security management system (ISMS) standards like ISO/IEC 27001, TISAX® provides a catalogue of requirements, covering virtual, physical and social aspects of information security, specific to the automotive supply chain. This catalogue is referred to as the Information Security Assessment (ISA) and forms the basis of the assessment conducted by an approved TISAX® audit provider.

Who does it apply to?

Original Equipment Manufacturers (OEMs) are increasingly recognising, and in some cases mandating, that a TISAX® label is a demonstration of an organization’s compliance with information security requirements, therefore helping assure information security across the automotive supply chain.
There are currently more than 3,000 TISAX® participants (OEMs and TISAX® certified suppliers) across almost 6,000 registered locations worldwide. This includes a range of organizations working with OEMs, from vehicle component suppliers to technology service providers and beyond.

What’s the relationship with ISO/IEC 27001?

It’s vital that organizations prove to customers, at regular intervals, that they comply with standardized and specific requirements relating to information security. Both TISAX® and ISO/IEC 27001 support this objective.

TISAX® closely aligns with ISO/IEC 27001 but has some additional automotive industry specific requirements, particularly focused on the supply chain.
For example, the exchange of design data in development processes, and automated data exchange between networked production systems.
In addition, the availability and reliability of production are more specifically addressed through TISAX® assessments.
ISO/IEC 27001 clauses are referenced throughout the ISA so businesses can easily align managing security in the supply chain with any ISO/IEC 27001 information security management system used within their organization.

Please use the Contact Us if you require assistance in meeting the TISAX® requirements or assistance in going for ISO27001 certification.