TISAX® Certification and Training

Your journey to the TISAX® label

Your journey to the TISAX® label

What is TISAX®?

Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for information security in the automotive industry. The TISAX certification confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.

 

Why information security is important to OEMs

The Original Equipment Manufacturer (OEM) collaborates with multiple companies across the value chain for the design, manufacturing, and distribution of their vehicles. To facilitate collaboration, the OEM frequently shares confidential information, such as a prototype design, with the supplier base. If valuable data is not effectively protected, the exchanges along the supply chain may cause losses, manipulations or even theft of trade secrets. Consequently, OEMs will want to ensure that their suppliers and partners, including marketing and sales organisations, have a solid information security management system in place before they are contracted.

 

Benefits of attaining the TISAX® label

To meet the information security needs of the automotive industry, the German Association of the Automotive Industry (VDA) established a set of widely accepted security requirements and outlined these in a catalogue known as the VDA Information Security Assessment (ISA). The TISAX certification is based on the ISA requirements.

The TISAX label makes it easy for companies to share their information security status, which means:

  • Saving time and cost by avoiding duplication of assessments based on customer requirements
  • Gaining a competitive edge by fulfilling stringent requirements and creating customer trust
  • Protecting critical data and reducing liabilities

 

A step-by-step guide to TISAX® certification

Companies often embark on the TISAX certification process upon request of a potential customer. Others initiate the process to be well-positioned for future prospects. Your individual TISAX journey will depend on your objectives, as well as the status of your current information security system. Irrespective of the path chosen, TÜV SÜD offers training and certification services to support you through the process, step-by-step.

The TISAX process consists of two phases: preparation and certification

TISAX Journey to certification

 

Prepare for YOUR TISAX® assessment

As a first step, identify the requirements your company are facing and map them against your implemented information security management system (ISMS).

  • If your company does not yet have an effective information security management system (ISMS) in place, one option could be to implement an ISMS according to the leading management system standard for information security, ISO/IEC 27001. The implementation and certification according to ISO/IEC 27001 is not a requirement for TISAX but ensures effective information security management for your company overall. Furthermore, it's regarded a solid foundation for a subsequent TISAX assessment. TÜV SÜD offers public training to support implementation of ISMS, as well as auditing and certification services for companies interested in ISMS according to ISO/IEC 27001.
  • The TISAX certification process starts with a thorough self-assessment. A good understanding of the TISAX requirements and criteria is vital for the internal analysis and can help you take necessary steps to close critical gaps before the external audit. TÜV SÜD provides comprehensive training for professionals who would like to learn more about the TISAX requirements and structure, including the certification process. 

THE TISAX® ASSESSMENT process

The initial and mandatory self-assessment is followed by a third-party assessment. The audit can either require a documentation-based plausibility check (Assessment Level 2), or a more comprehensive on-site-inspection (Assessment Level 3). Upon completion of the successful audit, the auditor uploads the final report to your TISAX platform, including your company’s TISAX-label. With your approval, OEMs and other partners can then access your TISAX status, thereby attaining a third-party confirmation of your security efforts.

TÜV SÜD is approved by ENX to perform TISAX assessments and to issue the respective report and label. Select TÜV SÜD as an auditor when you register as a participant on the TISAX platform.




Next Steps

Site Selector