Whitepaper TISAX®
DEKRA TISAX Whitepaper (PDF, 1011.8 KB)
HomepageBusiness CustomersAll ServicesAuditManagement System CertificationInformation Security Management System (ISMS)
TISAX® Assessment
Prove your information security standards with our TISAX® assessments
Information security is a decisive prerequisite for manufacturers, suppliers and service providers cooperating across the value chain used for sensitive projects in the automotive industry.
We provide optimal services for your TISAX® assessment, which is standardized and graded according to individual requirements of three protection classes.
Benefits of your TISAX® assessment
- Avoid costly and time-consuming duplicate and multiple checks
- Facilitate proof of information security across companies between manufacturers, suppliers and service providers
- Maintain visibility and increase opportunities for contracts
- Select suitable suppliers or service providers from a trusted platform
Established in early 2017, the TISAX® testing and exchange mechanism was founded on the German Association of the Automotive Industry (VDA) catalogue of ISA (Information Security Assessment) requirements, largely established on the basis of the international ISO/IEC 27001 standard. The platform provides members throughout the value chain standardized assessment of their information security status to be shared with partners working throughout the automotive industry.
The ENX Association, as the operator of the TISAX® program, has defined the levels and scope of the assessments. TISAX® differentiates between three different protection classes and assessment levels according to which a company can be audited and which depend on the protection requirements of the information.
After initial registration, companies wishing to join the TISAX® platform commission a testing service provider such as DEKRA to assess their information security. Assessment begins with a basic test on the topic of information security and offers further optional modules such as prototype protection, data protection, and connection to third parties. This eliminates special requirements in the extensive individual catalogues of major automobile manufacturers. A final report showing the achieved protection class can then be conveniently shared with selected companies requesting your TISAX® status. Certification is valid for a period of three years.
Your trusted partner for all your information security needs
Our experienced and independent experts provide you comprehensive TISAX® assessment services. With more than 40 accreditations in our portfolio, our services can be tailored according to your needs for maximum benefit. Our audits are recognized by international manufacturers, suppliers and service providers throughout the global automotive value chain.
Frequently Asked Questions
Recognized by participants across the global automotive industry supply chain, the Trusted Information Security Exchange (TISAX®) has established a uniform level of information security to boost confidence in audited companies. Standardized TISAX® assessment eliminates unnecessary and duplicate audits saving you both time and money. Certification is valid for a period of three years.
TISAX® distinguishes between three assessment levels (protection requirements), depending on what protection is required: normal (level 1), high (level 2) and very high (level 3). Inspection methods and efforts are determined by the established security needs.
TISAX® is not limited to manufacturing companies but covers the entire supply chain of the automotive industry. Your individual need to implement TISAX® depends on the particular requirements of your client. If your client does not specifically approach you or change any accepted general terms and conditions, it is advisable to wait and see whether you will need TISAX® assessment for further cooperation.
The TISAX® test catalog was derived from the international ISO 27001 standard and uses the controls defined therein. Instructions describe how the respective requirements (must, should, can) can be implemented, how processes are to be ensured, and which tools can be used. A major difference between the two standards is that TISAX® must achieve a certain maturity level in order to receive the label.
All employees must be included in the scope. This can also be, for example, an employee in production who works with customer information.
The duration of your assessment depends on the size of your company and the amount of travel activity associated with the inspection of your locations. Normally, 2-3 days on site are sufficient to complete the procedure for a company of average size.
From initial to final inspection, the entire TISAX® testing process can take several months. If the test process cannot be successfully completed, you will not receive a TISAX® label. If your company meets all criteria or shows only minor deviations (so-called secondary deviations), the test report will be submitted to ENX. Once this has been accepted, you will receive your (temporary) TISAX® label. If there are major deviations which must first be corrected, the label shall apply from the day on which the deviation is deemed to have been rectified.
It is not possible to make a general statement here. It always depends on the size and the activity of your company. Theoretically, you can cover everything in a single document, as long as it is clear. However, it is advisable to create several documents in which related topics are addressed.
Yes, our pre-assessment service enables you to find out how well you are positioned in the area of information security and what tasks still need to be completed for a successful TISAX® assessment.
Case Study TISAX®
DEKRA TISAX Case Study (PDF, 317.2 KB)
FAQ TISAX®
DEKRA TISAX FAQ (PDF, 279.8 KB)
Technical Guide TISAX®
TISAX Technical Guide (PDF, 573.8 KB)
Update: TISAX® VDA ISA 6.0
TISAX VDA ISA Infosheet (PDF, 454.9 KB)
Update: TISAX® Challenges to the Threat Landscape
Update: TISAX® Challenges to the Threat Landscape (PDF, 1.3 MB)
