TISAX® Assessment
Information security is a decisive prerequisite for manufacturers, suppliers and service providers that cooperate across the value chain on sensitive projects in the automotive industry.
We provide optimal services for your TISAX® assessment, which is standardized and graded according to individual requirements of three protection classes.
Benefits of your TISAX® assessment
- Avoid costly and time-consuming duplicate and multiple checks
- Facilitate proof of information security across companies between manufacturers, suppliers and service providers
- Maintain visibility and increase opportunities for contracts
- Select suitable suppliers or service providers from a trusted platform

Established in early 2017, the TISAX® testing and exchange mechanism was founded on the German Association of the Automotive Industry (VDA) catalogue of ISA (Information Security Assessment) requirements, which is largely based on the international ISO/IEC 27001 standard. The platform provides members throughout the value chain with a standardized assessment of their information security status that can be shared with partners working throughout the automotive industry.
The ENX Association, as the operator of the TISAX® program, has defined the levels and scope of the assessments. TISAX® differentiates between three different protection classes and assessment levels according to which a company can be audited and which depend on the protection requirements of the information.
Standard suppliers need only complete the ISA questionnaire and publish this self-assessment in TISAX®.
After initial registration, companies wishing to join the TISAX® platform commission a testing service provider such as DEKRA to assess their information security. Assessment begins with a basic test on the topic of information security and offers further optional modules such as prototype protection, data protection, and connection to third parties. This eliminates special requirements in the extensive individual catalogues of major automobile manufacturers. A final report showing the achieved protection class can then be conveniently shared with selected companies requesting your TISAX® status. Certification is valid for a period of three years.
In cases of more complex suppliers, self-assessment will be followed by random plausibility checks by an approved audit provider over the phone.
Suppliers who handle highly sensitive external data undergo on-site inspection by an approved audit provider such as DEKRA based on their self-assessment.
Your trusted and accredited partner for all your information security needs
Our experienced and independent experts provide you with comprehensive TISAX® assessment services. With more than 40 accreditations in our portfolio, our services can be tailored according to your needs for maximum benefit. Our audits are recognized by international manufacturers, suppliers and service providers throughout the global automotive value chain.
Frequently Asked Questions
- 1. What advantages does TISAX® offer?
  Recognized by participants across the global automotive industry supply chain, the Trusted Information Security Exchange (TISAX®) has established a uniform level of information security to boost confidence in audited companies. Standardized TISAX® assessment eliminates unnecessary and duplicate audits, saving you both time and money. Certification is valid for a period of three years.
- 2. What is an assessment level?
  TISAX® distinguishes between three assessment levels (protection requirements), depending on what protection is required: normal (level 1), high (level 2) and very high (level 3). Inspection methods and efforts are determined by the established security needs.
- 3. Is TISAX® assessment required for supply companies and service providers?
  TISAX® is not limited to manufacturing companies but covers the entire supply chain of the automotive industry. Your individual need to implement TISAX® depends on the particular requirements of your client. If your client does not specifically approach you or change any accepted general terms and conditions, it is advisable to wait and see whether you will need TISAX® assessment for further cooperation.
- 4. Is the content of TISAX® analogous to ISO 27001?
  The TISAX® test catalog was derived from the international ISO 27001 standard and uses the controls defined therein. Instructions describe how the respective requirements (must, should, can) can be implemented, how processes are to be ensured, and which tools can be used. A major difference between the two standards is that TISAX® requires a certain maturity level to be achieved in order to receive the label.
- 5. Which employees are relevant to TISAX® assessment?
  All employees must be included in the scope. This can also include, for example, an employee in production who works with customer information.
- 6. How long does it take to complete TISAX® assessment?
  The duration of your assessment depends on the size of your company and the amount of travel activity associated with the inspection of your locations. Normally, 2-3 days on site are sufficient to complete the procedure for a company of average size.