TISAX

Trusted Information Security Assessment Exchange

If you’re seeking to bolster information and data security in your automotive organisation, a TISAX assessment is the ideal framework.

TISAX signals your commitment to protecting assets—such as prototypes, intellectual property and customer data—through an Information Security Management System aligned with the VDA ISA catalogue. Whether you’re a supplier, manufacturer or service provider, TISAX helps you mitigate security risks and build trust across the automotive supply chain.

What is TISAX?

TISAX is the automotive industry’s information security assessment standard. Achieving a TISAX label shows that your organisation takes the protection of sensitive data seriously, whether that means prototypes, customer information or intellectual property, and that it has an Information Security Management System aligned with the VDA ISA catalogue.

Created in response to rising cyber threats and data breaches across the automotive supply chain, TISAX sets out a clear and structured approach to managing risk. It covers defined policies, documented procedures and staff training, helping to ensure security best practice is applied consistently across the business.

Since TISAX is widely recognised by manufacturers, suppliers and service providers, certification can open the door to new commercial opportunities. By showing that you have strong information security controls in place, your organisation can build trust across the global automotive network and prove its ability to protect critical assets.

TISAX is the industry‑specific information‑security assessment and exchange mechanism published by the German Association of the Automotive Industry (VDA) in collaboration with the ENX Association. Introduced in 2017, it is based on the VDA’s Information Security Assessment (ISA) catalogue—currently at version 6.0.3, published 25 April 2024—and builds on ISO/IEC 27001 with additional requirements for the automotive sector.

The TISAX framework facilitates enhanced protection of sensitive assets—prototypes, intellectual property, customer and employee data—and secures both digital and physical environments. It reviews existing processes to deliver a holistic, practicable roadmap for improvement across people, processes and technology.

Adopting TISAX means taking a risk‑based approach: defining clear information‑security policies, implementing technical and physical safeguards, and providing targeted staff training. It ensures you have an effective incident‑response plan for breaches while managing ongoing risks with full transparency.

TISAX alignment extends to your suppliers and partners, helping ensure they adhere to the same security policies and support GDPR and other regulatory compliance. The assessment covers risk assessment, organisational structure, asset classification, access control, physical security measures, and monitoring and reporting guidelines.

Suitable for any size of automotive organisation or supplier, achieving a TISAX label demonstrates that you implement, maintain and continually improve an Information Security Management System tailored to your industry’s needs—often a prerequisite for doing business with manufacturers and wider supply‑chain partners.

Launching a new car involves sharing sensitive prototype data across a complex supply chain, risking loss or theft of trade secrets. TISAX, the automotive information‑security standard, guides suppliers through a self‑assessment, a third‑party audit and gap remediation, culminating in a TISAX label visible to OEMs.

Why Supply Chain Businesses Need TISAX

TISAX helps you prove that sensitive information is protected. It also reduces friction with customers who expect a recognised security assessment.

Build trust faster

Give OEMs and major suppliers clear evidence that your security controls have been independently checked.

Protect valuable data

Reduce risk around CAD files, prototypes, commercial plans, and other confidential information.

Speed up onboarding

Cut repeat questionnaires and avoid separate customer audits where TISAX is accepted.

Strengthen tender bids

Show procurement teams you are a lower risk option when security requirements are part of the selection process.

Improve internal maturity

Use the framework to identify weak spots and raise standards across teams, processes, and sites.

Stay aligned with customer expectations

Keep pace with security and data protection requirements that continue to tighten across the automotive sector.

TISAX Assessment Levels

The required level depends on the type of information you handle and what each customer asks for.

Level 1

Self assessment

You complete the questionnaire yourself. This is used for lower risk cases where basic assurance is enough.

Level 2

Plausibility check

An approved provider reviews your self assessment and supporting evidence remotely.

Level 3

On site assessment

The provider validates your controls in depth, including implementation at the location being assessed.

Level 3 is often required when prototype or highly sensitive data is involved.

TISAX Process in Practice

The handbook is detailed, but the practical path is straightforward when broken into stages.

1. Register and define scope

Create your ENX account, choose objectives, and define sites, systems, and services in scope.

2. Complete the ISA self assessment

Document current controls, gather evidence, and identify gaps before audit starts.

3. Select an approved audit provider

Choose a provider for Level 2 or Level 3 and agree timelines and logistics.

4. Assessment and gap closure

Address findings within the agreed timeframe and provide corrective evidence.

5. Receive and share your label

Once approved, you share results through the TISAX platform with authorised participants.

6. Maintain controls

Keep controls active across the label period and prepare early for renewal.

Important: TISAX results can only be shared with registered participants, and each request must reference a valid Participant ID.

Typical Timeline

Actual timing varies by readiness, scope, and the number of findings. This is a realistic planning baseline.

Register and scope

About 1 to 2 weeks

Portal setup, objectives, locations, and fee completion.

Self assessment and evidence

About 3 to 6 weeks

ISA completion and control evidence preparation.

Audit stage

Level 2: about 2 to 4 weeks. Level 3: schedule dependent

Provider review, interviews, and site validation where required.

Corrective actions

About 2 to 12+ weeks

Finding closure depends on complexity and internal resourcing.

Label issued and shared

Usually a few days after final closure

Report publication and controlled sharing with partner organisations.
