TISAX® Certification

Prove your information security standards with our TISAX® assessments

Information security is a decisive prerequisite for manufacturers, suppliers and service providers cooperating across the value chain used for sensitive projects in the automotive industry.

We provide optimal services for your TISAX® assessment, which is standardized and graded according to individual requirements of three protection classes.

Benefits of your TISAX® assessment

  • Avoid costly and time-consuming duplicate and multiple checks

  • Facilitate proof of information security across companies between manufacturers, suppliers and service providers

  • Maintain visibility and increase opportunities for contracts

  • Select suitable suppliers or service providers from a trusted platform

TISAX® Certification

Established in early 2017, the TISAX® testing and exchange mechanism was founded on the German Association of the Automotive Industry (VDA) catalogue of ISA (Information Security Assessment) requirements, largely established on the basis of the international ISO/IEC 27001 standard. The platform provides members throughout the value chain standardized assessment of their information security status to be shared with partners working throughout the automotive industry.

The ENX Association, as the operator of the TISAX® program, has defined the levels and scope of the assessments. TISAX® differentiates between three different protection classes and assessment levels according to which a company can be audited and which depend on the protection requirements of the information.

Standard suppliers need only to complete the ISA questionnaire and publish this self-assessment in TISAX.

In cases of more complex suppliers, self-assessment will be followed by random plausibility checks by an approved audit provider over the phone.

Suppliers who handle highly sensitive external data undergo on-site inspection by an approved audit provider such as DEKRA based on their self-assessment.

After initial registration, companies wishing to join the TISAX® platform commission a testing service provider such as DEKRA to assess their information security. Assessment begins with a basic test on the topic of information security and offers further optional modules such as prototype protection, data protection, and connection to third parties. This eliminates special requirements in the extensive individual catalogues of major automobile manufacturers. A final report showing the achieved protection class can then be conveniently shared with selected companies requesting your TISAX® status. Certification is valid for a period of three years.

Your successful participation in TISAX® in four steps

Your trusted and accredited partner for all your information security needs

Our experienced and independent experts provide you comprehensive TISAX® assessment services. With more than 40 accreditations in our portfolio, our services can be tailored according to your needs for maximum benefit. Our audits are recognized by international manufacturers, suppliers and service providers throughout the global automotive value chain.

Frequently Asked Questions

Recognized by participants across the global automotive industry supply chain, the Trusted Information Security Exchange (TISAX®) has established a uniform level of information security to boost confidence in audited companies. Standardized TISAX® assessment eliminates unnecessary and duplicate audits saving you both time and money. Certification is valid for a period of three years.

TISAX® distinguishes between three assessment levels (protection requirements), depending on what protection is required: normal (level 1), high (level 2) and very high (level 3). Inspection methods and efforts are determined by the established security needs.

TISAX® is not limited to manufacturing companies but covers the entire supply chain of the automotive industry. Your individual need to implement TISAX® depends on the particular requirements of your client. If your client does not specifically approach you or change any accepted general terms and conditions, it is advisable to wait and see whether you will need TISAX® assessment for further cooperation.

The TISAX® test catalog was derived from the international ISO 27001 standard and uses the controls defined therein. Instructions describe how the respective requirements (must, should, can) can be implemented, how processes are to be ensured, and which tools can be used. A major difference between the two standards is that TISAX® must achieve a certain maturity level in order to receive the label.

All employees must be included in the scope. This can also be, for example, an employee in production who works with customer information.

The duration of your assessment depends on the size of your company and the amount of travel activity associated with the inspection of your locations. Normally, 2-3 days on site are sufficient to complete the procedure for a company of average size.

From initial to final inspection, the entire TISAX® testing process can take several months. If the test process cannot be successfully completed, you will not receive a TISAX® label. If your company meets all criteria or shows only minor deviations (so-called secondary deviations), the test report will be submitted to ENX. Once this has been accepted, you will receive your (temporary) TISAX® label. If there are major deviations which must first be corrected, the label shall apply from the day on which the deviation is deemed to have been rectified.

It is not possible to make a general statement here. It always depends on the size and the activity of your company. Theoretically, you can cover everything in a single document, as long as it is clear. However, it is advisable to create several documents in which related topics are addressed.

Yes, our pre-assessment service enables you to find out how well you are positioned in the area of information security and what tasks still need to be completed for a successful TISAX® assessment.

Contact Us

DEKRA Audits

1120 Welsh Rd.

Suite 210

North Wales , PA 19454

+1.215.997-4519
separator

Management system certification is offered by DEKRA Certification, Inc., which operates independently from any consulting activities using the DEKRA brand.