TISAX®: Information security in the automotive industry

The latest version of the ISA catalogue has been available since October 2023 and in German since April 2024 – we have taken this as an opportunity to answer some important questions about TISAX^®.

As part of a CIS series of articles, we will be focussing on the topic of TISAX^® and taking a closer look at individual aspects.

What is TISAX?

TISAX^® is an assessment and exchange mechanism for the information security of companies – especially within the automotive industry – and enables the joint recognition of assessment results between participants.

TISAX^® was developed on behalf of the Verband der deutschen Automobilindustrie e.V. (VDA) together with the ENX Association and has been established since 2017. The TISAX^® test procedure is based on the so-called VDA ISA catalogue, which has been developed and refined by the VDA’s information security working group since 2000 on the basis of the international standard for information security ISO/IEC 27001.

New version ISA 6

The new version 6.0 of the ISA catalogue was initially published by the VDA in English on 16 October 2023 and has now also been available in German since 3 April 2024, along with many other language versions. Since 1 April 2024, it has been mandatory to use this version when commissioning inspections in accordance with the TISAX^® standard.

In contrast to ISO/IEC 27001 – THE international standard for information security – TISAX^® not only considers qualitative aspects, but also uses a maturity model according to Automotive SPICE, which allows a quantitative assessment in the form of an overall maturity level.

Why is TISAX^® so important?

TISAX^® is of great importance for companies in the automotive industry, especially in the supplier sector. On the one hand, it is a figurehead on the market and, on the other, it is important for securing business relationships with car manufacturers.

Who is authorised to conduct assessments according to the TISAX® standard?

Assessments according to TISAX^® may only be carried out by ENX accredited TISAX^® assessment service providers. The ENX Association authorises the respective assessment service providers and monitors the quality of the implementation and the assessment results. This ensures that the final results meet the required quality and objectivity.

What advantages does CIS offer you as a testing service provider?

CIS Certification & Information Security Services GmbH is the number 1 in Austria when it comes to certifications in the field of information security. The company was founded in 2000 and was the first certification company for information security in Austria. CIS has been conducting assessments according to the TISAX standard since 2021 and is one of the most experienced TISAX assessment companies on the European market.

CIS works in the Austrian market with Austrian auditors. For international assignments, we offer a network of experienced auditors to keep travel costs low. International assignments are supported by centralised quality assurance.

Customer orientation and professional expertise are our top priorities. We support customers with practice-orientated recommendations for the further development of their information security controls and systems.

You have questions or would like to find out more

CIS – Certification & Information Security Services GmbH is the number 1 in Austria when it comes to certifications in the areas of information security, business continuity or data protection. Since 2021, CIS has been authorised to carry out audits in accordance with the TISAX® standard. Thanks to a wealth of expertise gained through cooperation in the European and international market and a broad network of specialist auditors, customer and service orientation are our top priorities.