TISAX®

What is TISAX®?

TISAX® (Trusted Information Security Assessment Exchange) is a mechanism for assessing the maturity of information security systems and information exchange in the automotive industry.

 

Suppliers and service providers in the automotive industry often process highly sensitive and confidential data from their customers. This is because manufacturers usually involve their suppliers closely in product development. The level of information security and cyber security should therefore be equally high for all parties involved. Consequently, customers regularly require evidence from their suppliers that they meet these information security requirements.

 

The Information Security Assessment (ISA) requirements catalogue, developed and established jointly by the ENX Association and the VDA (German Automotive Industry Association), is usually used for this purpose. For a long time, each manufacturer audited its suppliers itself in accordance with the ISA. However, this meant that many companies had to undergo the same audit several times – once for each customer.

 

In order to streamline this process, in early 2017, the VDA, in cooperation with ENX, created the TISAX® assessment and exchange mechanism and a dedicated platform for sharing automotive information security assessment results between companies in the sector.

Are you an automotive supplier?
Do you want or need to implement TISAX®?
This is how we can help you:

1. Pre-implementation audit

During the pre-implementation audit:

  • We carry out a detailed analysis of IT processes and infrastructure
  • We assess the level of compliance with TISAX® requirements
  • We identify gaps and areas for improvement or completion
  • We create an action plan and implementation roadmap to achieve compliance with the expected TISAX® maturity level

2. Support in the preparation of documentation

The basis for systematising cyber security activities and achieving TISAX® compliance is the implementation of a comprehensive information security management system in line with international standards.

 

In this area, CyberClue auditors:

  • Identify and assess threats and risks to data and information protection, allowing informed decisions to be made about priorities for action
  • Support the implementation of the required security measures in accordance with Annex A of ISO 27001:2022, as well as the specific TISAX® requirements for the automotive industry, such as prototype protection and information sharing in the supply chain
  • Prepare the ISA document and the necessary policies and procedures
  • Update and adapt existing documentation to requirements
  • Support the implementation of effective incident response procedures to enable rapid identification and analysis of, and response to, potential threats, in line with the MITRE ATT&CK framework
  • Conduct continuous monitoring and improvement of security processes, including internal and external audits, in line with TISAX® requirements to maintain a high level of security

3. Training for employees on the implemented system

Once the system has been implemented, we conduct regular training programmes to raise awareness of cyber threats among all employees, with a particular focus on the role of end-users in the security system.

 

4. Training for IT on maintenance and development of documentation

For the IT department, we provide training including:

  • Information security system documentation management
  • Practical tips on keeping the implemented system up to date and developing it further
  • Audit preparation

5. Support for certification

At the certification stage we offer:

  • Consultation with experts
  • Support throughout the certification audit