TISAX® requirements: What is checked?

Experts of automotive industry elaborate in the information security working group of the Verband der Automobilindustrie e.V. (VDA, German Association of the Automotive Industry) common standards and appropriate protection measures. A key result of this cooperation is the VDA Information Security Assessment (VDA ISA) which is constantly being developed as an industry standard for information security assessments.

The VDA recommends all companies that are involved in the value chain of the automotive industry to implement information security based on VDA ISA. The current requirements catalog consists of three subject areas combined with a maturity model.

During a TISAX® assessment the conformity with the requirements of the VDA Information Security Assessment is checked. The area of information security always forms the basic assessment. The additional modules “Prototype protection” and “Data protection” can be added as an option, as required. This means that company-specific "special catalogs" with individual requirements of some OEMs are usually not required. This saves time and costs!

The more sensitive the information that you are processing within projects, the higher the level of protection you should select. The following can be used as a rule of thumb:

  • Normal protection requirements is comparable with internal information
  • High protection requirements is comparable with confidential information
  • Very high protection requirements is comparable with classified information

After a successfull assessment you will get a TISAX® Label which is valid for a maximum of 3 years. It is accepted by all TISAX® participants.

TISAX® is a registered trademark of ENX association.