TISAX® Assessment

Update: VDA Information Security Assessment (ISA) catalog version 6 now available
On October 16, 2023, the ENX Association published the latest version of the VDA Information Security Assessment (ISA) catalog, version 6. This catalog serves as the basis for assessing the information and cyber security of organizations within the framework of TISAX®.
The extensive revision of the ISA catalog brings numerous changes and improvements. These include:
  • The leading language is now English and several translations are planned.
  • Additional implementation instructions have been added.
  • The data protection catalog has been completely revised.
The ENX Association has set April 1, 2024 as the effective date for version 6 of the ISA under TISAX®. This gives you sufficient time to familiarize yourself with the changes and to identify and rectify any weaknesses.
If you have any questions about version 6 of the ISA, please do not hesitate to contact our experts.
Find more information here​.

Prove your information security standards with our TISAX® assessments

Information security is a decisive prerequisite for manufacturers, suppliers and service providers cooperating across the value chain used for sensitive projects in the automotive industry.

We provide optimal services for your TISAX® assessment, which is standardized and graded according to individual requirements of three protection classes.
Established in early 2017, the TISAX® testing and exchange mechanism was founded on the German Association of the Automotive Industry (VDA) catalogue of ISA (Information Security Assessment) requirements, largely established on the basis of the international ISO/IEC 27001 standard . The platform provides members throughout the value chain standardized assessment of their information security status to be shared with partners working throughout the automotive industry.
The ENX Association, as the operator of the TISAX® program, has defined the levels and scope of the assessments. TISAX® differentiates between three different protection classes and assessment levels according to which a company can be audited and which depend on the protection requirements of the information.
    Standard suppliers need only to complete the ISA questionnaire and publish this self-assessment in TISAX.
    After initial registration, companies wishing to join the TISAX® platform commission a testing service provider such as DEKRA to assess their information security. Assessment begins with a basic test on the topic of information security and offers further optional modules such as prototype protection, data protection, and connection to third parties. This eliminates special requirements in the extensive individual catalogues of major automobile manufacturers. A final report showing the achieved protection class can then be conveniently shared with selected companies requesting your TISAX® status. Certification is valid for a period of three years.

    Your trusted partner for all your information security needs

    Our experienced and independent experts provide you comprehensive TISAX® assessment services. With more than 40 accreditations in our portfolio, our services can be tailored according to your needs for maximum benefit. Our audits are recognized by international manufacturers, suppliers and service providers throughout the global automotive value chain.

    Frequently Asked Questions

    1. What advantages does TISAX® offer?
    Recognized by participants across the global automotive industry supply chain, the Trusted Information Security Exchange (TISAX®) has established a uniform level of information security to boost confidence in audited companies. Standardized TISAX® assessment eliminates unnecessary and duplicate audits saving you both time and money. Certification is valid for a period of three years.
    2. What is an assessment level?
    3. Is TISAX® assessment required for supply companies and service providers?
    4. Is the content of TISAX® analogous to ISO 27001?
    5. Which employees are relevant to TISAX® assessment?
    6. How long does it take to complete TISAX® assessment?
    7. How long does it take for a company to be considered certified?
    8. Is there a minimum number of process and procedure documents I need to create for the TISAX® exam?
    9. Can DEKRA help me prepare for TISAX® assessment?