Difference between TISAX® and ISO 27001

ISO 27001 is the most widely known standard that defines the requirements of an ISMS. This standard is generally held and can therefore also be used in any business sector. The aim of the certification is the international recognition of information security in the company. It specifies the minimum requirements for an information security management system. The certificate is valid for three years with the passing of an annual monitoring audit.

The Trusted Information Security Assessment Exchange (TISAX®) is also a model for introducing an ISMS. It is based on a questionnaire developed by the German Association of the Automotive Industry together with the ENX Association. The questionnaire is based on the ISO 27001 standard, so TISAX® is aimed in particular at suppliers in the automotive industry. In contrast to ISO 27001 and other standards, TISAX® also includes prototype protection. In addition, it is possible to select data protection in accordance with Article 28 of the GDPR or data protection for special categories of personal data in accordance with Article 9 of the General Data Protection Regulation as audit objectives. In contrast to ISO 27001, the certificate is valid for three years without an interim audit.

Which standard is the right choice for setting up the ISMS therefore depends on the company and the desired goals. Regardless of this, the introduction of an information security management system is a complex project.

Therefore, we are happy to support and advise you personally in the selection and implementation. Our certified IT specialists will be happy to assist you.. Simply call us at our headquarters in Hutthurm at +49 (0) 8505 91927 – 0 or at our branch office in Munich at +49 (0) 89 413 2943 – 0 or use our contact form.

TISAX® is a registered trademark of the ENX Association.