TISAX – Driving Information Security in the Automotive Industry

We outline why the Trusted Information Security Assessment Exchange (TISAX^®) is crucial to automotive information security.

Why TISAX?

Ensure a uniform level of information security among car manufacturers, service providers and suppliers.

Businesses that want to remain competitive in the digital age must pay close attention to information security. This is particularly true for the automotive industry, where massive amounts of confidential data are exchanged daily.

TISAX is the leading automotive industry information security initiative. It helps to protect data by confidently ensuring integrity and availability in automotive business processes, including manufacturing. A dedicated online platform has been developed for the exchange of information security assessment results in the automotive sector. After registration, companies can share their assessment results with trusted business partners.

TISAX is based on the Information Security Assessment (ISA) developed by the German Association of the Automotive Industry (VDA) and Volkswagen. The catalog includes criteria for assessing the information security of automotive supply chain organizations based on ISO/IEC 27001 (information security management systems) and ISO/IEC 27002 (information security controls) but has additional requirements.

The ENX Association maintains the ISA, audit provider criteria and assessment requirements (TISAX ACAR). It also approves audit providers and monitors the quality of implementation and assessment results. ENX is supported by the TISAX Committee, comprising manufacturers, suppliers and associations.

What are the advantages of TISAX?

Successfully passing a TISAX assessment allows an organization to share the TISAX label with business partners. This helps the organization highlight its information security status.

Key advantages include:

• Assessment results recognized by all TISAX participants
• A commonly accepted assessment standard that enables the exchange of assessment results
• Accepted by suppliers and original equipment manufacturers (OEMs)
• Saves time and money
• Creates confidence in your company
• Eliminates duplicate and multiple assessments

Four steps to assessment

1. Customer: Register via the TISAX online platform for a scope registration excerpt
• Registration on the platform is required. Once done, SGS can be selected as your audit provider for assessment
2. Customer: Select and engage an audit provider
• To ensure that information is secure, different assessment levels are provided by the audit provider, depending on the protection requirements
3. SGS: Document review and/or on-site assessment
• Assessment level 1 (AL 1): self-assessment
• Assessment level 2 (AL 2): based on the documentation review with a plausibility check and telephone interview
• Assessment level 3 (AL 3): based on the documentation review with a plausibility check and an on-site assessment
4. Customer: exchange assessment results
• Results can be exchanged if the assessed company gives explicit authorization

How can SGS help?

With years of worldwide experience in information security and the automotive industry, we are perfectly placed to provide TISAX alongside helping organizations manage their supply chain, providing safe and reliable vehicles, improving quality, efficiency and safety, and reducing environmental impact.

We can guide you through the entire TISAX process, including registration, assessment provider selection, document review and/or on-site assessment and exchange of results.

SGS Academy also offers a TISAX Introduction Training Course. On completion of this face-to-face or virtual instructor-led training (VILT) course, you will understand TISAX requirements and elements, the differences between the initiative and ISO/IEC 27001, and how to execute a TISAX project.

Contact us to start your TISAX journey.

For further information, please contact:

Jason Hulbert
Associate Marketing Manager
Knowledge
t: +44 7912426878