TISAX

Based on TISAX®, the VDA Information Security Assessment (ISA) is used as a catalog of criteria for assessing information security in the "participant" companies. According to TISAX®, there are two types of participants: active and passive participant. The 'active' participant refers to supplier companies whose TISAX® is assessed and the results of assessment are shared with the 'passive' participant who requests for the assessment result. 

Unlike ISO/IEC 27001, VDA ISA emphasizes some specific controls of information security for automotive industry, i.e., the protection of prototypes, third party involvement, and exchange mechanism. The results of successful TISAX® audit ensures a high degree of conformance to the internationally recognized information security standard and guarantees that the participant who passed the audit could maintain an effective ISMS. In addition, this participant will receive a TISAX® label that matches its information security maturity level. The ENX portal or platform enables participants (both active and passive) to exchange the assessment results. This helps passive participants, i.e., OEM or automotive companies, strengthen the feeling of confidence and trust in its active participants, i.e., supplier companies.

1. Focus on the automotive industry - This assessment criteria is particularly relevant for the automotive industry and many automotive manufacturers, e.g. BMW, Audi, Daimler and Ford, require their suppliers to undergo TISAX® assessment and achieve a TISAX® label.

2. Trustworthiness - The assessment process and results are consistent and of high quality across the board due to the very well-established audit monitoring and control process of a neutral organization, i.e., ENX.

3. Information Security Strengthening

4. Efficiency - Avoidance of multiple assessments of information security controls from the customers, saving suppliers’ time and costs.

5. International standard recognition throughout automotive industry.

1. TISAX® Readiness - Justify the appropriate maturity level of the information security management system based on the most up-to-date VDA ISA catalogue and register for TISAX® audit on the ENX Portal.

2. Selection of TISAX®- accredited Audit Provider - Once ready for a TISAX® assessment, the participant chooses a TISAX®-accredited audit provider, e.g., TUV NORD Thailand, to evaluate the maturity level of its ISMS.

3. Assessment of Information Security - The assessment based on an latest assessment scope and requirements that matches the customer’s expectations will be arranged with the AP. The assessment includes review of relevant documents and/or on-site visit, depending on the maturity level chosen.

4. Share of Results - Upon the successful completion of the TISAX® audit, the AP shares the participant with the assessment results and report before ENX updates the status and results of the assessment on its portal prior to an issue of suitable TISAX® label.