Build trust faster
Give OEMs and major suppliers clear evidence that your security controls have been independently checked.
TISAX signals your commitment to protecting assets—such as prototypes, intellectual property and customer data—through an Information Security Management System aligned with the VDA ISA catalogue. Whether you’re a supplier, manufacturer or service provider, TISAX helps you mitigate security risks and build trust across the automotive supply chain.
TISAX is the automotive industry’s information security assessment standard. Achieving a TISAX label shows that your organisation takes the protection of sensitive data seriously, whether that means prototypes, customer information or intellectual property, and that it has an Information Security Management System aligned with the VDA ISA catalogue.
Created in response to rising cyber threats and data breaches across the automotive supply chain, TISAX sets out a clear and structured approach to managing risk. It covers defined policies, documented procedures and staff training, helping to ensure security best practice is applied consistently across the business.
Since TISAX is widely recognised by manufacturers, suppliers and service providers, certification can open the door to new commercial opportunities. By showing that you have strong information security controls in place, your organisation can build trust across the global automotive network and prove its ability to protect critical assets.
TISAX is the industry‑specific information‑security assessment and exchange mechanism published by the German Association of the Automotive Industry (VDA) in collaboration with the ENX Association. Introduced in 2017, it is based on the VDA’s Information Security Assessment (ISA) catalogue—currently at version 6.0.3, published 25 April 2024—and builds on ISO/IEC 27001 with additional requirements for the automotive sector.
The TISAX framework facilitates enhanced protection of sensitive assets—prototypes, intellectual property, customer and employee data—and secures both digital and physical environments. It reviews existing processes to deliver a holistic, practicable roadmap for improvement across people, processes and technology.
Adopting TISAX means taking a risk‑based approach: defining clear information‑security policies, implementing technical and physical safeguards, and providing targeted staff training. It ensures you have an effective incident‑response plan for breaches while managing ongoing risks with full transparency.
TISAX alignment extends to your suppliers and partners, helping ensure they adhere to the same security policies and support GDPR and other regulatory compliance. The assessment covers risk assessment, organisational structure, asset classification, access control, physical security measures, and monitoring and reporting guidelines.
Suitable for any size of automotive organisation or supplier, achieving a TISAX label demonstrates that you implement, maintain and continually improve an Information Security Management System tailored to your industry’s needs—often a prerequisite for doing business with manufacturers and wider supply‑chain partners.
Launching a new car involves sharing sensitive prototype data across a complex supply chain, risking loss or theft of trade secrets. TISAX, the automotive information‑security standard, guides suppliers through a self‑assessment, a third‑party audit and gap remediation, culminating in a TISAX label visible to OEMs.
TISAX helps you prove that sensitive information is protected. It also reduces friction with customers who expect a recognised security assessment.
Give OEMs and major suppliers clear evidence that your security controls have been independently checked.
Reduce risk around CAD files, prototypes, commercial plans, and other confidential information.
Cut repeat questionnaires and avoid separate customer audits where TISAX is accepted.
Show procurement teams you are a lower risk option when security requirements are part of the selection process.
Use the framework to identify weak spots and raise standards across teams, processes, and sites.
Keep pace with security and data protection requirements that continue to tighten across the automotive sector.
The required level depends on the type of information you handle and what each customer asks for.
You complete the questionnaire yourself. This is used for lower risk cases where basic assurance is enough.
An approved provider reviews your self assessment and supporting evidence remotely.
The provider validates your controls in depth, including implementation at the location being assessed.
Level 3 is often required when prototype or highly sensitive data is involved.
The handbook is detailed, but the practical path is straightforward when broken into stages.
Create your ENX account, choose objectives, and define sites, systems, and services in scope.
Document current controls, gather evidence, and identify gaps before audit starts.
Choose a provider for Level 2 or Level 3 and agree timelines and logistics.
Address findings within the agreed timeframe and provide corrective evidence.
Once approved, you share results through the TISAX platform with authorised participants.
Keep controls active across the label period and prepare early for renewal.
Actual timing varies by readiness, scope, and the number of findings. This is a realistic planning baseline.
Portal setup, objectives, locations, and fee completion.
ISA completion and control evidence preparation.
Provider review, interviews, and site validation where required.
Finding closure depends on complexity and internal resourcing.
Report publication and controlled sharing with partner organisations.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.