TISAX® Process

The TISAX® (Trusted Information Security Assessment Exchange) process involves rigorous evaluation and certification of information security management systems for automotive companies, ensuring compliance with industry standards and regulations. It encompasses thorough assessments and audits conducted by accredited assessors to validate the security measures in place.

What is TISAX®?

  • TISAX® stands for Trusted Information Security Assessment Exchange. It is a standard used by the automotive industry to assess and certify the information security practices of companies within its supply chain. TISAX® was developed by the German Association of the Automotive Industry (VDA) to ensure a consistent and high level of data security among suppliers and service providers in the automotive sector.
  • TISAX® assessments evaluate various aspects of information security, including data protection, access controls, risk management, and compliance with relevant regulations and standards. Companies that undergo TISAX® assessments receive certifications based on their level of compliance and maturity in these areas.
  • TISAX® certification is often required by automotive manufacturers and OEMs (Original Equipment Manufacturers) as a prerequisite for collaboration and partnership. It helps to establish trust and confidence in the security practices of companies involved in the automotive supply chain, fostering secure data exchange and collaboration.

Who Needs TISAX®?

  • TISAX® is relevant for:

  • Automotive Manufacturers

    Companies involved in designing, manufacturing, and assembling vehicles.

  • Suppliers

    Companies supplying components, parts, or services to automotive manufacturers.

TISAX® Assessment Process

  • Preparation

    We begin by working closely with our clients to understand their business operations, information security objectives, and scope of TISAX® certification. We help them define the intended TISAX® label, including locations, protection levels, and any additional modules required.

  • Registration

    Our clients register their company as a participant on the TISAX® platform. We assist them in obtaining a scope-ID and selecting an audit provider. Together, we discuss assessment levels, scope, requirements, and available options.

  • Initial Assessment

    The auditor conducts a kick-off conference call with our clients to explain the assessment process. Our clients receive questionnaires and guidance to compile necessary evidence. An assessment date is scheduled, and the auditor performs the information security assessment remotely or on-site. Upon completion, our clients receive their TISAX® label if no vulnerabilities are identified.

  • Corrective Action Plan Assessment

    If vulnerabilities are found, our clients provide a corrective action plan with deadlines. The auditor assesses this plan and updates the assessment report accordingly.

  • Implementation

    Our clients implement measures to address identified vulnerabilities within agreed-upon deadlines and document evidence of implementation.

  • Follow-up Assessment

    The auditor evaluates evidence of implementation and updates the assessment report. The TISAX® label is granted, and the assessment is closed. Our clients have the option to share their TISAX® label with chosen parties.

How to Prepare Your Company?

  • Understand TISAX® Requirements:

    Familiarize yourself with TISAX® requirements and the specific criteria relevant to your industry. Utilize resources like the VDA Information Security Assessment and attend web seminars to enhance understanding.

  • Clarify TISAX® Scope:

    Define the intended TISAX® label, including locations, protection levels, and additional modules. Clearly articulate the scope of your information security practices.

  • Engage TISAX® Experts:

    Seek guidance from TISAX® experts or consultants who can provide insights into the assessment process and help tailor security practices to your company's needs.

  • Training and Awareness:

    Train employees on information security best practices. Ensure they understand their roles in maintaining security, and consider specialized training programs if needed.

  • Stay Informed:

    Regularly check newsfeeds from authoritative sources such as the BSI (German Federal Office for Information Security) to stay updated on industry trends, threats, and best practices.

  • Implement Information Security Standards:

    Align your information security practices with relevant standards, such as the ISO 2700x series. Implement controls and measures that adhere to industry best practices.

  • Internal Pre-Audit:

    Conduct an internal pre-audit to assess your current information security maturity. This helps identify areas that may need improvement before the official TISAX® assessment.

  • Corrective Action Plan:

    Develop a corrective action plan to address any vulnerabilities or gaps identified during the pre-audit. Implement measures to strengthen your information security posture.

  • Benchmark and Optimize:

    Compare your information security practices with industry benchmarks and optimize relevant areas accordingly. Learn from the experiences of similar companies.

  • Engage with TISAX® Platform:

    Register your company on the TISAX® platform, obtain a scope-ID, and assign an audit provider. Participate in preliminary discussions to verify the assessment level, scope, and requirements.

  • Continuous Improvement:

    Establish mechanisms for continuous improvement. Regularly review and update information security policies and procedures to adapt to evolving threats and industry changes.

  • Collaborate with TISAX® Consultants:

    Collaborate with experienced TISAX® consultants who can guide you through the assessment process, offer tailored solutions, and provide ongoing support.

Benefits for the Company

  • Market access and credibility within the automotive industry.
  • Compliance with international information security standards.
  • Strengthened security measures and risk management.
  • Competitive advantage and differentiation in the market.
  • Global recognition and acceptance.
  • Enhanced trust and transparency in data exchange.
  • Streamlined and efficient information sharing with partners.
  • Potential cost savings through improved security.
  • Cultivation of a culture of continuous improvement.
  • Assurance to customers and partners of the company's commitment to information security.