Ensure a uniform level of information security among car manufacturers, service providers and suppliers with a Trusted Information Security Assessment Exchange (TISAX) assessment from SGS.
Businesses that want to remain competitive in the digital age must pay close attention to information security. This is particularly true for the automotive industry, where massive amounts of confidential data are exchanged daily.
What is TISAX?
TISAX is the leading automotive industry information security initiative. It helps to protect data by confidently ensuring integrity and availability in automotive business processes, including manufacturing. A dedicated online platform has been developed for the exchange of information security assessment results in the automotive sector. After registration, companies can share their assessment results with trusted business partners.
TISAX is based on the Information Security Assessment (ISA) developed by the German Association of the Automotive Industry (VDA) and Volkswagen. The catalog includes criteria for assessing the information security of automotive supply chain organizations based on ISO/IEC 27001 (information security management systems) and ISO/IEC 27002 (information security controls) but has additional requirements.
The ENX Association maintains the ISA, audit provider criteria and assessment requirements (TISAX ACAR). It also approves audit providers and monitors the quality of implementation and assessment results. ENX is supported by the TISAX Committee, comprising manufacturers, suppliers and associations.
What are the benefits of TISAX?
Successfully passing a TISAX assessment allows an organization to share the TISAX label with business partners. This helps the organization highlight its information security status.
Key benefits include:
- Assessment results recognized by all TISAX participants
- A commonly accepted assessment standard that enables the exchange of assessment results
- Accepted by suppliers and original equipment manufacturers (OEMs)
- Saves time and money
- Creates confidence in your company
- Eliminates duplicate and multiple assessments
What is the TISAX process?
Customer: Register via the TISAX online platform for a scope registration excerpt
Registration on the platform is required. Once done, SGS can be selected as your audit provider for assessment.
Customer: Select and engage an audit provider
To ensure that information is secure, different assessment levels are provided by the audit provider, depending on the protection requirements.
SGS: Document review and/or on-site assessment
- Assessment level 1 (AL 1): Self-assessment
- Assessment level 2 (AL 2): Based on the documentation review with a plausibility check and telephone interview
- Assessment level 3 (AL 3): Based on the documentation review with a plausibility check and an on-site assessment
Customer: Exchange assessment results
Results can be exchanged if the assessed company gives explicit authorization.
Why choose SGS for your TISAX assessment?
With years of worldwide experience in information security and the automotive industry, we are perfectly placed to provide TISAX alongside helping organizations manage their supply chain, providing safe and reliable vehicles, improving quality, efficiency and safety, and reducing environmental impact.
We can guide you through the entire TISAX process, including registration, assessment provider selection, document review and/or on-site assessment and exchange of results.
SGS Academy also offers a TISAX Introduction Training Course. On completion of this face-to-face or virtual instructor-led training (VILT) course, you will understand TISAX requirements and elements, the differences between the initiative and ISO/IEC 27001, and how to execute a TISAX project.
SGS-TÜV Saar GmbH is authorized by the ENX Association to offer TISAX assessment services. The intellectual property associated with TISAX and the related trademarks are held by ENX.