TISAX and the Automotive Industry

What is TISAX?

The automotive industry deals with numerous business-critical assets and confidential data, particularly in relation to R&D, design data, technology, and prototypes. In order to systematically safeguard that information, TISAX (Trusted Information Security Assessment Exchange) was developed to help the industry adopt a robust, standardised approach to information security management systems and build trust and assurance throughout the supply chain.

The ENX Association, made up of motor manufacturers, suppliers, and national automotive associations, maintains the framework of criteria that defines the required information security management system (ISMS) standards for TISAX. TISAX then enables companies to share their information security assessment results with other participants and potential business partners.

Why get TISAX?

The requirements for TISAX are very closely aligned to ISO/IEC 27001, but also cover additional industry-specific requirements for data protection, supply chain security and prototype protection.

TISAX certification provides assurance that partners are operating to defined standards and best practice, and although not mandatory, it is generally regarded as a precondition to doing business within the European automotive industry.

Therefore, if your company wants to be recognised as a potential supplier or partner for Original Equipment Manufacturers (OEMs) and major car marques, it is essential to go through the TISAX assessment process.

Benefits of TISAX:

· Enables your organisation to systematically secure confidential and business-critical data and effectively manage and mitigate risk.

· Demonstrates your commitment to maintaining best practice security standards and builds confidence and trust in your business.

· Identifies your business as a potential partner throughout the international automotive industry and provides a competitive advantage over companies that do not have the TISAX standard.

· Provides a robust framework to help your organisation manage its regulatory and legal requirements and maintain compliance.

· Delivers efficiencies and promotes easier collaboration between suppliers and manufacturers by eliminating duplication of tasks.

Types of TISAX assessment:

There are 3 basic TISAX Assessment Levels, in addition to optional prototype protection and data protection checks.

· Assessment Level 1: Self-assessment questionnaire.

· Assessment Level 2: Review of self-assessment questionnaire by accredited independent external auditor, remote plausibility check and interview.

· Assessment Level 3: Verification of self-assessment questionnaire by accredited independent external auditor, comprehensive on-site inspection, and interview.

Fortis deliver a wide range of TISAX consultancy services that help organisations to:

· Understand the TISAX assessment requirements, establish which Assessment Level is appropriate for the business and define the scope.

· Carry out a full gap analysis and recommend corrective actions.

· Optimise the existing ISMS to bring it up to the required standard.

· Plan and implement a fully integrated ISMS.

· Ensure ongoing maintenance and assurance of the TISAX framework during the three-year re-certification cycle.

Get in touch to find out more about how we can support your business with TISAX compliance.
