Implementation of compliance with TISAX requirements

TISAX (TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE) is a standard for assessing information security in the automotive industry, developed by Verband der Automobilindustrie (VDA)—the German automotive industry association—on the basis of the ISO/IEC 27001 standard. It is a standard that can be used by vehicle manufacturers, automotive suppliers, IT service providers, consultants, and third-party software providers to meet their customers’ information security requirements in automotive manufacturing. Certification for TISAX is a mandatory requirement for many car manufacturers and suppliers to the (especially German) automotive industry.

We implement TISAX requirements based on our many years of experience and proven standards for information security and cybersecurity.

The TISAX standard covers a number of information security issues. The basis of the VDA ISA form is the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management System, but it also takes into account additional criteria specific to the automotive sector. The TISAX standard consists of 7 chapters on information security, which are also referred to in the ISO/IEC 27001 standard:

  • politics and organization
  • human resources
  • physical security
  • business continuity
  • identification and access management
  • IT security/cybersecurity
  • supplier relations

Once your organisation has successfully implemented the TISAX requirements, there is only a small area left to complete in order to achieve ISO/IEC 27001 certification. Conversely, the TISAX concepts also meet the requirements of ISO/IEC 27001 and are only a supplement or even an improvement to the existing information security management system.

TISAX is primarily intended for manufacturers of parts and components for the largest brands in the automotive industry, but it can be useful for any supplier and service provider related to the automotive industry.

The experience we have gained in setting up Information Security Management Systems (ISMS), conducting data security audits and implementing information security policies enables us to carry out the process of implementing the requirements of the TISAX standard.

The added value is not only the implementation and optimisation of security management systems in the ICT infrastructure, but also the provision of knowledge in the form of consultancy and training tailored to your needs.