Choose another country to see content specific to your location

//Select Country
About
Careers
Press and Media
Select Your Location
Industries & Services
Industries
Healthcare and Medical Devices
Healthcare
Medical Devices and IVD
Energy
Conventional Power
Nuclear Power
Solar Power
Wind Power
Consumer Products & Retail
Food
Lighting and Luminaires
Textile and Clothing
SEE ALL
Chemical and Process
Mobility & Automotive
Automotive & OEM
Retail & Leasing
Fleet
Manufacturing
Components & Equipment
Machinery & Robotics
Infrastructure & Rail
Infrastructure
Rail
Real Estate
Buildings
Lifts, Cranes & Conveyors
Aerospace and Defense
Services
Auditing & System Certification
Product Certification
Risk Management
Functional Safety
Technical Advisory
Cyber security
Testing
Global Market Access
Inspection
Training
Sustainability
Resources
Resources
Resource Center
Accreditations and Certifications
Accreditations and Approvals
Certificate Finder
Download Certification Marks
Customer Feedback
Events
E-ssentials Newsletters
TÜV SÜD Store
Insights
About TRUST Magazine
Annual Report
Stories
How can we help you?

Have a requirement or need some help? Contact us to find out how we can help you.

//Contact Us
Locations Contact Us
Locations Contact Us
Worldwide

TISAX Assessment and Certfication

Information security for the automotive industry

About TISAX Assessments

Many suppliers and service providers in the automotive industry process highly sensitive information from their clients. Given this, their clients regularly request evidence of compliance with stringent information security requirements.

In most cases, such evidence is provided with the help of the Information Security Assessment (ISA) criteria catalogues developed by the German Association of the Automotive Industry (VDA). However, as individual manufacturers have conducted these ISAs for their suppliers independently so far, many suppliers have had to undergo the same assessment several times.

To reduce these unnecessary efforts and expenses, in early 2017 VDA established TISAX (Trusted Information Security Assessment Exchange), a new assessment and exchange mechanism. The dedicated TISAX online platform is designed to support cross-company recognition of information security assessments in the automotive industry. By sharing their ISA results online on TISAX, companies enable OEMs to verify for themselves whether a service provider or supplier has already successfully completed the assessment.

In addition, TISAX can be used to commission audit providers such as TÜV SÜD to carry out an assessment. The results of such assessments are valid for three years.

Following registration, companies and audit providers can access the platform and share information. VDA has opted for ENX Association as TISAX operator and third-party body.

TISAX participants using the platform can:

  • Commission accredited service providers to carry out assessments
  • Share the results of completed assessments with other participants
  • View the results of other participants

Your benefits at a glance

  • No duplication or multiplication of assessments
  • Major time and cost savings based on cross-company recognition of assessments and information
  • Trust in assessed companies

Assessments may only be performed by audit providers specifically accredited for TISAX.

TÜV SÜD is currently undergoing the accreditation process and is allowed to carry out TISAX assessments.

Important for you: You keep control over your results at all times – this information can only be exchanged and shared after prior approval.

There are 3 assessment levels:

  • Level 1: Standard suppliers only need to complete the ISA questionnaire and publish this self-assessment in TISAX.
  • Level 2: In case of more complex suppliers, the self-assessment will be followed by random plausibility checks by telephone by an approved audit provider.
  • Level 3: Suppliers who handle highly sensitive external data undergo on-site inspection by an approved audit provider based on their self-assessment.

The TISAX Assessment in 6 Steps:

  • Step 1: Classification - In step 1 suppliers are classified by an OEM/client depending on the sensitivity of the data involved.

  • Step 2: Registration - In the next step they register with ENX, including their scope number.

  • Step 3: Assessment - TÜV SÜD carries out the assessment in line with the requested level.

  • Step 4: Report - The assessed company receives the report from the TÜV SÜD auditors.

  • Step 5: Elimination of vulnerabilities - The assessed company eliminates identified vulnerabilities.

  • Step 6: Uploading of report

The completed report is uploaded to the exchange platform. Exchange of these summaries is only possible among registered participants and only after the assessed company has expressly released the results to the company that places the request.

EXPLORE

Introduction to TISAX
Infographics

Introduction to TISAX

Understand the TISAX assessment objectives and how they apply to your organization

Learn More

How to Prepare for TISAX
Webinar

How to Prepare for TISAX: Session 1

Add value to your organization's network

Learn More

TISAX webinar
Webinar

How to Prepare for TISAX: Session 2

Review the self-assessment process

Learn More

TISAX
Webinar

How to Prepare for TISAX: Session 3

Understanding TISAX with your supply chain

Learn More

VIEW ALL INDUSTRY RESOURCES

Next Steps

// Contact Us
// Subscribe
// View Locations
LinkedIn Instagram Youtube Twitter

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa