Trusted Information Security Assessment Exchange (TISAX)

Trusted Information Security Assessment Exchange (TISAX) – Purpose

Original Equipment Manufacturers (OEM) frequently share confidential information, such as a prototype design specifications, risk assessments, engineering changes, quality/regulatory requirements and other important information along the extensive supply chain. If this data is not effectively protected, the exchanges along the supply chain may cause losses, manipulation or even theft of trade secrets. Consequently, OEMs will want to ensure that their suppliers and partners, including marketing and sales organizations, have a solid information security management system in place before they are contracted.

Overview of TISAX

TISAX is an assessment and exchange mechanism for information security in the automotive industry. The TISAX certification confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.

The German Association of the Automotive Industry (VDA) established a set of widely accepted security requirements and outlined these in a catalogue known as the VDA Information Security Assessment (ISA). The TISAX certification is based on the ISA requirements.

There are Three Assessment Levels:

• Level 1: Standard suppliers only need to complete the ISA self-assessment questionnaire and publish this self-assessment in TISAX.
• Level 2: In the case of more complex suppliers, the self-assessment will be followed by random virtual checks by an approved audit provider.
• Level 3: Suppliers who handle highly sensitive external data undergo on-site inspection by an approved audit provider based on their self-assessment.

Benefits of TISAX Certification

• Gaining a competitive edge by fulfilling stringent requirements and creating customer trust
• Protecting critical data and reducing liabilities
• Identify and address risk
• Gain recognition in the Supply Chain

TISAX Certification Process

Based on current/potential Customer requests, companies will initiate the TISAX certification process. Your individual TISAX journey will depend on your objectives, as well as the status of your current information security system. Irrespective of the path chosen, QSG offers training and consulting services to support you through the process, step-by-step.

Steps to TISAX Certification

If your company does not yet have an effective information security management system (ISMS) in place, one option is to implement an ISMS according to the leading management system standard for information security, ISO/IEC 27001. Although not required for TISAX Certification, it’s regarded as a solid foundation for a subsequent TISAX assessment. QSG offers public training to support implementation of ISMS, as well as auditing and consulting services for companies interested in ISMS according to ISO/IEC 27001.

The TISAX certification process starts with a thorough self-assessment. A good understanding of the TISAX requirements and criteria is vital for the internal analysis and can help you take necessary steps to close critical gaps before the external audit. QSG offers gap assessments to help you understand your current state as to the TISAX requirements.

QSG is Your Trusted Resource

QSG is a leading provider of consulting and training services for management system standards. With an experienced network of consultants, we help customers worldwide to meet their business objectives.

Contact Angelo Scangas (USA 978-430-7611)