TISAX: Information security for the automotive industry

TISAX Certification & Assessment Services UK

Your journey to the TISAX® certification

What is TISAX®?

TISAX stands for Trusted Information Security Assessment Exchange (pronounced tea-sacks). It is an assessment and exchange mechanism for information security in the automotive industry. The TISAX certification confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform. 

Created by automotive industry security experts and aligned with international information security management system (ISMS) standards such as ISO/IEC 27001, TISAX® outlines a comprehensive catalogue of requirements. These requirements are specifically tailored to the automotive supply chain and address virtual, physical, and social aspects of information security. Known as the Information Security Assessment (ISA), this catalogue serves as the foundation for assessments carried out by TÜV SÜD, an authorised TISAX® audit provider. 

Why information security is important to OEMs

An original equipment manufacturer (OEM) collaborates with multiple companies across the value chain for the design, manufacturing, and distribution of their vehicles. To facilitate collaboration, the OEM frequently shares confidential information, such as a prototype design, with the supplier base. If valuable data is not effectively protected, the exchanges along the supply chain may cause losses, manipulations or even theft of trade secrets. Consequently, OEMs will want to ensure that their suppliers and partners, including marketing and sales organisations, have a solid information security management system (ISMS) in place before they are contracted. 

Many suppliers and service providers in the automotive industry process highly sensitive information from their clients. Given this, their clients regularly request evidence of compliance with stringent information security requirements.

 

In most cases, such evidence is provided with the help of the Information Security Assessment (ISA) criteria catalogues developed by the German Association of the Automotive Industry, also known as Verband der Automobilindustrie (VDA). However, because individual manufacturers have so far conducted these ISAs for their suppliers independently, many suppliers had to undergo the same assessment several times.

To reduce unnecessary effort and expense, in early 2017 VDA established TISAX (Trusted Information Security Assessment Exchange), a new assessment and exchange mechanism. The TISAX standard has been designed to support cross-company recognition of information security assessments in the automotive industry. By sharing their ISA results online, companies enable OEMs to verify for themselves whether a service provider or supplier has already successfully completed the assessment. In addition, TISAX can be used to commission audit providers such as TÜV SÜD to carry out an assessment. The results of such assessments are valid for three years.

Following registration, companies and audit providers can access the platform and share information. VDA has opted for ENX Association as TISAX operator and third-party body.

With TISAX, participants using the platform can:

  • Commission accredited service providers to carry out assessments
  • Share the results of completed assessments with other participants
  • View the results of other participants

TISAX® is a trusted framework that ensures robust information security throughout the automotive supply chain. By choosing TÜV SÜD, you're partnering with a team that combines in-depth industry expertise with a commitment to precision and reliability. We provide clear guidance and efficient assessments, helping organisations achieve compliance while safeguarding their data and reputation.

Ewa Kostowska-Cupak

Head of Assurance Services

TISAX assessment levels

There are three assessment levels:

Level 1: Standard suppliers only need to complete the ISA questionnaire and publish this self-assessment in TISAX.

Level 2: For more complex suppliers, the self-assessment will be followed by random plausibility checks by telephone by an approved audit provider.

Level 3: Suppliers who handle highly sensitive external data undergo on-site inspection by an approved audit provider based on their self-assessment.

 

Benefits of attaining the TISAX® label

To meet the information security needs of the automotive industry, the German Association of the Automotive Industry (VDA) established a set of widely accepted security requirements and outlined these in a catalogue known as the VDA Information Security Assessment (ISA). The TISAX label is based on the ISA requirements and is operated by ENX Association, who have assessed and confirmed TÜV SÜD’s status as a TISAX® approved audit provider.

The TISAX label makes it easy for companies to share their information security status.

  • Saves time and costs: TISAX eliminates the need for duplicate assessments by standardising requirements, reducing time and expenses across the supply chain.
  • Enhances competitive edge: Achieving TISAX certification demonstrates compliance with stringent standards, building customer trust and offering a market advantage.
  • Protects critical data: TISAX ensures robust data security measures, safeguarding sensitive information and minimising risks of breaches.
  • Reduces liabilities: Helps identify and mitigate potential risks in information security, protecting businesses from data breaches and reputational damage and helping them avoid costly liabilities.
  • Builds long-term partnerships: TISAX compliance fosters confidence among stakeholders, strengthening collaborative relationships and long-term business opportunities.

 


 

A step-by-step guide to achieving the TISAX® LABEL

Your company might want to start the TISAX certification process because it has been requested by a potential customer. It can also help you to be well-positioned for future prospects.

Your TISAX journey will depend on your objectives, as well as the status of your current information security system. Whatever your company’s circumstances, TÜV SÜD offers certification services to support you through the process, step-by-step. 

The TISAX process consists of two phases: preparation and assessment.

Prepare for YOUR TISAX® assessment

As a first step, identify the requirements your company is facing and map them against your implemented information security management system (ISMS).

If your company does not yet have an effective information security management system (ISMS) in place, one option could be to implement an ISMS according to the leading management system standard for information security, ISO/IEC 27001. Implementation and certification according to ISO/IEC 27001 is not a requirement for TISAX but ensures effective information security management for your company overall. Furthermore, it is regarded as a solid foundation for a subsequent TISAX assessment.

The process to achieve the TISAX label starts with a thorough self-assessment. A good understanding of the TISAX requirements and criteria is vital for the internal analysis and can help you take the necessary steps to close critical gaps before the external audit.

  

THE TISAX® ASSESSMENT process

The initial and mandatory self-assessment is followed by a third-party assessment. The audit can require either a documentation-based plausibility check (Assessment Level 2) or a more comprehensive on-site inspection (Assessment Level 3).

Upon successful completion of the audit, the auditor uploads the final report to your TISAX platform, including your company’s TISAX label. With your approval, OEMs and other partners can then access your TISAX status, thereby attaining a third-party confirmation of your security efforts.

Step 1: Classification

Suppliers are classified by an OEM/client depending on the sensitivity of the data involved.

Step 2: Registration

Suppliers register with ENX, including their scope number.

Step 3: Assessment

TÜV SÜD carries out the assessment in line with the requested level.

Step 4: Report

The assessed company receives the report from the TÜV SÜD auditors.

Step 5: Elimination of vulnerabilities

The assessed company eliminates identified vulnerabilities.

Step 6: Uploading of report

The completed report is uploaded to the exchange platform. Exchange of these summaries is only possible among registered participants and only after the assessed company has expressly released the results to the company that places the request.

TÜV SÜD is approved by ENX to perform TISAX assessments and to issue the respective report and label. Select TÜV SÜD as an auditor when you register as a participant on the TISAX platform.

 

Why choose TÜV SÜD for your TISAX certification?

  • Years of experience: Benefit from our decades of experience in delivering reliable TISAX certification and assessment.
  • International presence: Take advantage of our global reach, providing you with consistent and standardised audit practices across multiple regions, enhancing compliance and oversight.
  • Expert partnership: TÜV SÜD’s experts are recognised by authorities, both nationally and internationally, and have a history of completing successful audits across various industries.
  • Dedicated project manager: Enjoy the convenience of having a single point of contact with a dedicated project manager who ensures your audit project is managed efficiently and delivered on time.
  • Customised solutions: Receive tailored audit solutions that align with your specific business goals and compliance requirements.

 

Want to secure your position in the automotive supply chain with TISAX® certification? Partner with TÜV SÜD for expert guidance, efficient assessments, and support in achieving your information security goals.

TÜV SÜD is a leading provider of auditing services for management system standards. With an international network of auditors, we help customers worldwide to achieve stable operations and improved performance.

Certify your management systems according to ISO/IEC 27001 and/or TISAX and build customer trust

TÜV SÜD’s experienced auditors possess the accreditation and expertise to conduct ISO/IEC 27001 audits across industries. TÜV SÜD is approved by ENX to conduct TISAX assessments for the automotive industry. Through our worldwide network of professionals, we can provide certification services no matter where your business is located. The TÜV SÜD certification mark is recognised throughout industries, instilling trust and transparency.

 

TISAX FAQs

What is the difference between TISAX and ISO 27001?

TISAX is specifically designed for the automotive industry and focuses on securing the manufacturers' data throughout the supply chain. On the other hand, ISO 27001 allows the protection of the company's data or data entrusted to the company and is applicable to any type of organization, regardless of industry.

What are the TISAX requirements?

These requirements involve secure storage, restricted access, and enhanced monitoring of areas where prototype data is handled or stored. Understanding these requirements is crucial for aligning your Information Security Management System (ISMS) with TISAX expectations.

Who needs TISAX certification?

Companies working with the German and European automotive industry should obtain TISAX accreditation, especially if handling confidential data, including personal, vehicle, or technical information, or product details that could give competitors an advantage.

Is TISAX compliance mandatory?

TISAX certification is not legally required. However, in practice, it is essential if your company wants to do business with any original equipment manufacturers (OEMs), as they are unlikely to work with a company that doesn’t comply with TISAX. All VDA members, which includes most leading German OEMs and German car companies such as Volkswagen, Audi and BMW, mandate that their partners in the car manufacturing and distribution network obtain TISAX certification.  
