What Is TISAX?

TISAX – Trusted Information Security Assessment Exchange. It is an information security assessment and exchange mechanism developed specifically for the automotive industry.

It was created by the ENX Association on behalf of the German Association of the Automotive Industry (VDA) to standardize information security requirements across automotive suppliers and partners.

What Is the Purpose of TISAX?

TISAX ensures that companies in the automotive supply chain meet consistent information security requirements when handling:

• Confidential OEM data
• Prototype vehicles and parts
• Development data and intellectual property
• Personal data (e.g., HR and customer information)

Instead of every OEM conducting its own audit, TISAX allows one standardized assessment that can be shared across multiple customers.

What Standard Is TISAX Based On?

TISAX is primarily based on:

• ISO/IEC 27001 – Information Security Management Systems (ISMS)
• The VDA ISA (Information Security Assessment) catalog

The VDA ISA includes additional automotive-specific requirements beyond ISO 27001, such as:

• Prototype protection
• Handling of high-confidential data
• Secure development environments

How TISAX Works

1. Registration – Company registers on the ENX TISAX portal.
2. Scope Definition – Define sites, services, and protection level.
3. Assessment – Conducted by an ENX-approved audit provider.
4. Result Publication – Results are shared via the TISAX platform with authorized partners.
5. Validity – Typically valid for 3 years.

Unlike ISO 27001 certification, TISAX is technically an assessment rather than a traditional accredited certification.