Automotive Industry - TISAX
What is Tisax?
TISAX is Trusted Information Security Assessment eXchange. It is a requirement for suppliers within the highly competitive automotive industry required by Original Equipment Manufacturers (OEMs) including BMW, Daimler, Toyota, VW and others. It requires that information is protected against theft, manipulation and loss.
Need help?
Please contact us to arrange a telephone or face-to-face appointment to discuss your needs.
In detail
TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants. It’s ideal if you want to process sensitive information from your customers or evaluate the information security of your suppliers.
TISAX has been developed under the guidance of the VDA (the German Association of the Automotive Industry) to ensure a unified level of information security. TISAX brings standardisation, quality assurance and mutual recognition of audits.
TISAX is an inter company test and exchange mechanism based on the VDA Information Security Assessment (ISA).
The ENX Association, based in Frankfurt, acts as the governance organization of TISAX on behalf of VDA.
TISAX is already being used by more than 2,500 companies in more than 40 countries.
Who does TISAX apply to?
OEMs are increasingly recognising, and in some cases mandating, that a TISAX label is a demonstration of an organisation’s compliance with information security requirements, therefore helping assure information security across the automotive supply chain.
There are currently more than 3,000 TISAX participants (OEMs and TISAX certified suppliers) across almost 6,000 registered locations worldwide. This includes a range of organisations working with OEMs, from vehicle component suppliers to technology service providers and beyond.
What's the process?
TISAX registration: the client registers in the ENX Portal, indicating the scope of the assessment.
TISAX assessment: the client goes through the assessment(s), conducted by a TISAX assessment provider.
TISAX label: upon successful completion of the assessment, ENX provides the TISAX label, enabling the assessed organisation to share this with all TISAX participants, or selected business partners.
TISAX assessment levels
There are 3 TISAX assessment levels, as described below. You will select the appropriate level at the registration stage.
AL 1: Self-assessment by the auditee. Assessment of existing self-declaration of the auditee. Standard suppliers only need to complete the ISA questionnaire and publish this self assessment in TISAX.
AL 2: Plausibility check of self-assessment restricted to the evaluation of evidence and an expert interview. In case of more complex suppliers, the self assessment will be followed by random plausibility checks by telephone by an approved audit provider.
AL 3: Full assessment including evaluation of evidence, on-site inspection and expert interviews. Suppliers who handle highly sensitive external data undergo on site inspection by an approved audit provider based on their self assessment.
How can we help?
Spritzmonkey can provide the skills and knowledge to help you implement the controls required to meet the requirements of TISAX. We can help you collate your evidence and answers for self-assessment or assist with level 2 and level 3 assessment via our partner BSI.
By working with an experienced consultant, you can:
Free up in-house resources to do what they do best - running your business
Use our experience to avoid over-complicating the process
Reduce cost and effort over the life-cycle of certification