The TISAX (Trusted Information Assessment Exchange) standard was developed by the German Automobile Industry Association (Verband der Automobilindustrie, VDA) in cooperation with the Association of European Automobile Manufacturers (European Network Exchange, ENX). The VDA is the body responsible for TISAX, and the EN Association organization verifies the quality of implementation and evaluation results.
The TISAX standard is a standardized information security assessment (ISA) catalog of the European automotive industry based on the requirements of ISO 27001 and is intended for manufacturers of automotive components.
TISAX members have access to an online platform for the purpose of exchanging information about the information security status of another member in the automotive components supply chain.
Within the exchange model, there are 2 roles that each participating company can assume according to its needs:
- Passive Participant (e.g. OEM (Original Equipment Manufacturer), Automobile Manufacturer): Requires another company (e.g. supplier) to pass an assessment and requests access to the assessment results.
- Active Participant (for example, supplier): A company that undergoes evaluation at the request of another company (for example, OEM or customer) or undertakes to undergo evaluation on its own initiative. After completion, an active participant can allow selected companies (for example, OEMs) to access the evaluation results.
Participating companies in the automotive industry must regularly, once every 3 years, undergo an inspection audit for compliance with safety criteria in their sector. The audit is carried out according to the VDA ISO Questionnaire only by certification bodies accredited according to TISAX.
Stages for obtaining ISO certification
1) Online registration on the TISAX platform
2) Selection and appointment of an appropriate accredited certification body
3) Conducting an assessment using documentation and on-site assessment
4) Exchange of information on the results of the audit with other selected TISAX participants, based on the permission of the audited organization.
Benefits of implementation and certification:
- focus on customer needs;
- high quality assessment and transparency due to standardized testing and reporting procedures;
- appropriate evaluation criteria according to the requirements of the automotive sector;
- recognition in the automotive sector;
- risk reduction and implementation of risk management.