Information security at the highest level: Those who can demonstrate TISAX certification not only enable secure work within the automotive industry but also prove themselves to other companies as a reputable partner.

Act now!

Do your partners require proof of regularly audited compliance with precisely defined information security measures? TISAX certification provides you and your business partners with the assurance you need.

TISAX Certification
  • Ensure information security holistically within the company and beyond
  • Show your trustworthiness to your partners
  • Standardized procedures with industry-wide recognition
  • An Information Security Management System (ISMS) based on specific standards and tailored to your needs

Read on for more detailed information, but don't wait too long. Time is of the essence.

What is TISAX?

In 2017, the automotive industry launched TISAX, short for Trusted Information Security Assessment Exchange. The goal was to create a common standard for information security. TISAX was developed from ISO 27001. However, while the international standard has been formulated to be independent from any industry, TISAX was introduced specifically to meet the requirements of automotive manufacturers.

TISAX is organized by ENX. The European Network Exchange Association is an association of the European automotive industry that, among many other tasks, also manages the accreditation of TISAX auditors. ENX also maintains a public database that includes every company that has successfully passed a TISAX assessment.

Want a free consultation with an expert? Arrange a web appointment.

TISAX encompasses many security-relevant areas within a company:

  • IT security
  • Prototype protection
  • Communication with external partners
  • Contingency plans
  • Security checks
  • Archive management

The basis of the test is the TISAX questionnaire – also called the VDA-ISA catalog in reference to its publisher, the German Association of the Automotive Industry (Verband der Automobilindustrie). The questionnaire is constantly updated and comprises over 60 questions divided into the categories information security, prototype protection and data protection.

TISAX certification: cost for the assessment

The cost for a TISAX assessment depends on the level of certification you wish to attain and the size of your company. In addition, the costs to be budgeted consist of various factors: First, you will usually need initial consultation so that you can prepare your company for the audit. Then comes the actual audit. Certification service providers charge for required personnel and for the duration of the audit. Since each auditor can set different prices, it is difficult to offer an accurate estimate.

But you should not forget internal costs. Depending on how well your information security management system (ISMS) has been implemented, additional effort may be required here as well. Specialized service providers such as the team at IT-Kompass can help you with the targeted introduction of an effective security system and can even reduce costs in the long term.

TISAX level explained

TISAX recognizes three different assessment levels. The level describes how intensively your company has been audited.

Which TISAX assessment level is right for your company depends on the requirements of your partners. Vehicle manufacturers (OEMs), in particular, expect a certain level from their suppliers.

A TISAX certification is valid for 3 years. After this time, your company will be removed from the ENX database and you will have to conduct another audit. This guarantees that all security measures are also permanently enforced.

TISAX level 1

At the first level, you only have to fill out a questionnaire about your internal security measures. There is no verification of your information at this level. Assessment level 1 is therefore only of internal interest and has no significance in dealings with other companies.

TISAX level 2

Here too, an initial self-assessment takes place. However, an external service provider then carries out a plausibility check. This consists of random questions, usually asked by telephone. This allows the auditor to determine if your provided information is plausible.

TISAX level 3

At the highest level, your self-assessment is reviewed on-site. This assessment is extensive and intensive. In addition to file reviews, a walk-through of the premises and interviews with relevant personnel are common.

Advantages of TISAX

With TISAX, you distinguish yourself to partners as a trustworthy company with effective security management. In the automotive industry, the assessment is becoming increasingly important, and companies are increasingly demanding that their partners pass it. The great advantage of the standardized procedure is that companies do not have to undergo a wide variety of separate checks. The TISAX label is recognized by all industry players.

Frequently asked questions about TISAX

Is TISAX necessary for my business?

If you want to be active in the automotive industry, TISAX is most likely a mandatory requirement. Accordingly, the necessity to participate in TISAX results from the requirements of the partner companies. In addition, however, you can also proactively opt for a TISAX audit: In this way, you demonstrate your reliability to external partners and also benefit from a correctly implemented ISMS.

Does TISAX replace ISO 27001?

No, TISAX is based on the ISO standard, but the two standards are not identical. TISAX was deliberately extended to include elements that are of particular interest to the automotive industry. ISO 27001, on the other hand, is universal and internationally recognized. Any company can seek ISO 27001 certification; however, due to the strong similarity, organizations for which TISAX plays a role often choose a combined audit to save time and money. But be aware: While ISO 27001 certification is valid for three years, just like TISAX, companies certified to ISO 27001 must also undergo an annual review.

Who can perform the audit?

ENX appoints independent audit providers for each country. These TISAX auditors – officially: TISAX Audit Provider (XAP) – are responsible for checking the implemented ISMS as well as the self-disclosures from the participating companies. These include, for example, classic auditing organizations such as DEKRA or various TÜV groups. A list of audit service providers can be viewed on the ENX homepage.

While only these few organizations are allowed to perform the audit, you can also seek support for preparation from other service providers. IT-Kompass has been active in the field of IT security for many years and can therefore support you with a great deal of experience.

What is the benefit of a TISAX consultation?

Implementing an Information Security Management System (ISMS) is the basis for a successful TISAX audit, but this requires good preparation and planning. To ensure that you do not have to tackle this task alone, you should engage an external service provider to provide you with advice and support. This way, you can be sure to successfully pass the TISAX audit.

Your partner for TISAX: IT-Kompass helps you prepare

As IT experts, we also know our way around information security. We support you in integrating an effective ISMS into your company. With our help and expertise, you can prepare your system for the TISAX audit. In addition, we can also provide you with competent assistance on many other IT and security issues. Consult with us today!

Your request

If you are interested in TISAX or any other topics, just send us a request.

Or contact us by phone:
Monday through Friday 8:00 am – 5:00 pm
Telephone: +49-7162-14505-80

Our sales team is here for all your IT concerns and is happy to answer any questions you may have.
I’m glad to answer any questions and will be in touch.
Maximilian Richardson Head of Sales