What is TISAX®?
TISAX® (Trusted Information Security Assessment Exchange) is a mechanism for assessing the maturity of information security systems and information exchange in the automotive industry.
Suppliers and service providers in the automotive industry often process highly sensitive and confidential data from their customers. This is because manufacturers usually closely involve their suppliers in product development. The level of information security and data cybersecurity should therefore be equally high for all parties involved. Consequently, customers regularly require evidence from their suppliers that they meet these information security requirements.
The Information Security Assessment (ISA) requirements catalogue developed and established jointly by the ENX Association and the VDA (German Automotive Industry Association) is used for this purpose. For a long time, each manufacturer audited its suppliers itself in accordance with the ISA. However, this meant that many companies had to undergo the same audit several times – for each customer separately.
In order to streamline this process, in early 2017, the VDA, in cooperation with ENX, created the TISAX® assessment and exchange mechanism and a dedicated platform for sharing security assessment results among companies in the automotive sector.
Are you an automotive supplier?
Do you want or need to implement TISAX®?
This is how we can help you:
1. Pre-implementation audit
During the pre-implementation audit:
- We carry out a detailed analysis of IT processes and infrastructure – filling in the obligatory VDA questionnaire
- We assess the level of compliance with TISAX® requirements
- We identify gaps and areas for improvement or completion
- We create an action plan and implementation roadmap to achieve compliance with the expected TISAX® maturity level
2. Support in the preparation of documentation
The basis for systematising cybersecurity activities and achieving TISAX® compliance is the implementation of a comprehensive Information Security Management System (ISMS) in line with international standards.
In this area, CyberClue auditors:
- Carry out a risk assessment
- Support the implementation of the required security measures in accordance with Annex A of ISO 27001:2022, as well as the specific TISAX® requirements for the automotive industry, such as prototype protection and information sharing in the supply chain
- Draw up the necessary policies and procedures
- Update and adapt existing documentation to the requirements
- Support the implementation of effective incident response procedures to enable quick identification, analysis and response to potential threats, in line with e.g. the MITRE ATT&CK framework
- Implement a SOC (Security Operations Center) in an outsourcing model, in line with TISAX® requirements, to maintain a high level of security
3. Training for employees on the implemented system
Once the system has been implemented, we conduct regular training programmes to raise awareness of cyber threats among all employees, with a particular focus on the role of end-users in the security system.
4. Training for IT on maintenance and development of ISMS
For the IT department, we provide training including:
- Information Security Management System documentation management
- Practical tips on how to take care of system updates and development efficiently
- Preparation for the audit
5. Support during certification
At the certification stage we offer:
- Consultation with experts
- Support in preparing evidence for the audit