What is TISAX?
TISAX, the Trusted Information Security Assessment Exchange, is established in the automotive industry as a standard for information security. Since 2018, any company working for customers in the German automotive industry has needed a TISAX certificate.
Many automotive suppliers and service providers process very sensitive information from their clients. Service providers and suppliers must regularly demonstrate to their customers that they meet the high security requirements for the data provided.
So far, such assessments have been carried out mainly by the producers themselves, which has repeatedly led to an unnecessary accumulation of assessments. TISAX (Trusted Information Security Assessment Exchange) provides for joint evaluation and data exchange.
To reduce unnecessary effort and expense, the VDA introduced TISAX as a new evaluation and exchange mechanism in early 2017. The dedicated TISAX online platform is designed to support the interdisciplinary recognition of information security assessments in the automotive industry. By sharing their ISA results online on TISAX, companies allow OEMs to verify for themselves whether a service provider or supplier has already passed the evaluation. In addition, TISAX can be used to entrust audit providers such as TÜV SÜD with an assessment. The results of these evaluations are valid for three years.
Once registered, companies and audit providers can access the platform and share information. The VDA opted for ENX as the TISAX operator and third-party body.
TISAX participants using the platform can:
- Have service providers accredited by the Commission carry out assessments
- Share the results of completed evaluations with other participants
- See the results of other participants
WHAT ARE THE DIFFERENT LEVELS OF ASSESSMENT?
There are three levels of evaluation:
Level 1: For standard suppliers, it is sufficient to complete the ISA questionnaire and publish this self-assessment in TISAX.
Level 2: For more complex suppliers, the self-assessment is followed by a random telephone check by the approved audit provider.
Level 3: Suppliers that handle highly sensitive external data undergo an on-site inspection by an approved audit provider based on their self-assessment.
EVALUATION IN 6 STEPS
STEP 1: CLASSIFICATION
In step 1, vendors are classified by the OEM / client depending on the sensitivity of the data used.
STEP 2: REGISTRATION
In the next step, they register with ENX, including their range number.
STEP 3: RATING
TÜV SÜD carries out the assessment in accordance with the required level.
STEP 4: REPORT
The assessed company will receive a report from the auditors of TÜV SÜD.
STEP 5: ELIMINATION OF VULNERABILITIES
The evaluated company eliminates the identified vulnerabilities.
STEP 6: SUBMIT THE REPORT
The completed report is uploaded to the exchange platform. The exchange of these summaries is only possible between registered participants and only after the evaluated company has explicitly published the results to the applicant company.
What are the benefits of TISAX for you?
- Recognized evidence of strong security risk controls.
- Systematic achievement of confidentiality, availability and integrity of information.
- Strengthening the safety awareness of employees and managers.
- Continuously improving security control and data access.
- More business security, compliance with relevant requirements.
- Great trust and loyalty of all stakeholders.
Join us on your path to a successful TISAX audit.