TISAX®: Information security in the automotive industry

TISAX® stands for TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE. TISAX® is an internationally recognized industry standard that stands for an appropriate level of information security in the automotive and supplier industry. It helps to reduce the risk of information security incidents and strengthen security along the supply chain.

The latest version of the ISA catalog has been available since October 2023 - we have taken this as an opportunity to answer some important questions about TISAX®.

As part of a CIS series of articles, we will focus on the topic of TISAX® and take a closer look at individual aspects.

What is TISAX?

TISAX® represents an assessment and exchange mechanism for the information security of companies - especially within the automotive industry - and enables a joint recognition of assessment results between the participants.

TISAX® was developed on behalf of the German Association of the Automotive Industry (VDA) together with the ENX Association and has been established since 2017. The TISAX® assessment procedure is based on the VDA ISA catalog, which has been developed and refined by the VDA's information security working group since 2000 on the basis of the international standard for information security ISO/IEC 27001.

New version ISA 6

The new version 6.0 of the ISA catalog was initially published by the VDA on 16.10.2023. Since April 1, 2024, it has been mandatory to use this version when commissioning inspections in accordance with the TISAX® standard.

In contrast to ISO/IEC 27001 - THE international standard for information security - TISAX® not only considers qualitative aspects, but also uses a maturity model according to Automotive SPICE, which allows a quantitative assessment in the form of an overall maturity level.

Why is TISAX® so important?

TISAX® is of great importance for companies in the automotive industry, especially in the supplier sector. On the one hand, it is a figurehead on the market, and on the other hand, it is important for securing business relationships with car manufacturers.

Do you want to deepen your knowledge?

Together with CIS network partner and expert Wolfgang Glowatzki, we offer a TISAX® Deep Dive for details on the twelve assessment objectives (labels) that business partners usually request, as well as the three assessment levels:

• TISAX® deep dive: the three assessment levels
• TISAX® deep dive: the 12 test objectives (labels)

Who is authorized to conduct assessments according to the TISAX® standard?

TISAX® assessments may only be carried out by ENX accredited TISAX® assessment service providers. The ENX Association approves the respective assessment service providers and monitors the quality of the implementation and the assessment results. This ensures that the final results meet the required quality and objectivity.

What advantages does CIS offer you as a testing service provider?

CIS Certification & Information Security Services GmbH is the leading service provider in Austria when it comes to certifications in the field of information security. The company was founded in 2000 and was the first certification company for information security in Austria. CIS has been conducting assessments according to the TISAX standard since 2021 and is one of the most experienced TISAX assessment companies on the European market.

CIS works in the Austrian market with Austrian auditors. For international assignments, we offer a network of experienced auditors to keep travel costs low. International assignments are supported by central quality assurance.

Customer focus and technical expertise are our top priorities. We support customers with practical recommendations for the further development of their information security controls and systems.