TISAX® (Trusted Information Security Assessment Exchange) is an industry-specific mechanism for exchanging the results of information security assessments in the automotive industry. These assessments are based on the VDA-ISA test catalogue, which includes controls for information security (based on ISO 27001), prototype protection and data protection.
With a TISAX® assessment, you demonstrate the maturity of your information security management system (ISMS) according to your customer requirements. This can be done at different test levels and can cover your customers' additional requirements for prototype and data protection. As proof of the maturity of your information security management system, you are issued so-called test labels that you can share with your business partners.
This makes TISAX® the basis for the testing and sharing mechanism of your information security management system in the automotive industry. For the implementation you need a good basis, which you can obtain in this qualification.
- Fulfilment of automotive customer requirements
- Recognition of test results on the automotive market / in the automotive supply chain
- Protection of own company values
- Raising awareness among employees
- Basis for a possible ISO 27001 certification
- Separate protection in the areas of prototyping and data protection
- Sharing of the obtained test labels with selected business partners
- Internal self-assessment based on the VDA-ISA assessment catalogue
- Registration on the ENX platform
- Selection of the assessment provider (CIS)
- Kick-off meeting
- TISAX® assessment (level 2 remote, level 3 on-site)
- Joint agreement on the assessment result
- Derivation of the standardized report
- Processing of the measures
- Issuance of the assessment label
The procedure of a TISAX® assessment is similar to that of an audit. The duration of the assessment depends on the size and structure of your company, and thus on the complexity of your ISMS, and is agreed with you by CIS. The individual elements are assessed using maturity levels, thus providing a good overall view of the strengths and potentials of the implemented ISMS.
If your company has already been certified according to ISO 27001, this provides an excellent basis and facilitates the TISAX® audit that builds on it. At the same time, ISO 27001 is not a mandatory prerequisite, and the TISAX® requirements can also be implemented completely separately.