Lots of car manufacturers frequently develop their products in collaboration with supplier companies. In order to guarantee safe processing and a confident exchange of data, the automotive industry union developed the testing and exchange mechanism TISAX® (Trusted Information Security Assessment Exchange) in 2017.
This is meant to ensure that business partners working together have a comparable and appropriate level of IT security. Special attention may be paid to comprehensive prototype protection, meaning that prototypes are well protected at every stage of the supply chain.
Car suppliers and service providers needing to prepare for TISAX® certification turn towards the VDA-ISA question list which is in turn largely inspired by the requirements of the standard DIN ISO 27001.
An important part of this standard is the development of an information security management system (ISMS), which requires 3 elements in particular: 1. the development of basic ISMS processes, 2. an established risk management system within the company, 3. an internal control system which regularly deals with corporate risks.
Lots of car manufacturers frequently develop their products in collaboration with supplier companies. In order to guarantee safe processing and a confident exchange of data, the automotive industry union developed the testing and exchange mechanism TISAX® (Trusted Information Security Assessment Exchange) in 2017.
This is meant to ensure that business partners working together have a comparable and appropriate level of IT security. Special attention may be paid to comprehensive prototype protection, meaning that prototypes are well protected at every stage of the supply chain.
Car suppliers and service providers needing to prepare for TISAX® certification turn towards the VDA-ISA question list which is in turn largely inspired by the requirements of the standard DIN ISO 27001.
An important part of this standard is the development of an information security management system (ISMS), which requires 3 elements in particular: 1. the development of basic ISMS processes, 2. an established risk management system within the company, 3. an internal control system which regularly deals with corporate risks.
Developing and maintaining an information security management system (ISMS) is already a complex task. Proving to your business partners that ISMS is up to the job further increases the complexity and the amount of work. However, as a standard in the automotive industry, TISAX® reduces the amount of work through the uniformity of the integrated security level. Furthermore, the secure exchange platform ensures the secure exchange of information regarding your ISMS status, the so-called TISAX® label.
However, achieving this depends on many complex, individual questionnaires per business relationship, and TISAX® certification needs to be renewed every 3 years. We’ll be happy to help you prepare for handling these complex details and to pass the TISAX® audit.
In order to obtain TISAX® certification and be able to prove it long-term, it is necessary to develop an ISMS which guarantees the specifications and the required level (in accordance with ISO 27001). To develop this with you, we record your basic data at the start of our time working together and carry out an audit of the relevant departments to determine what chance your company has of passing the TISAX® certification process. We work out the gaps between “what is” and “what could be” and set up an optimal implementation action plan for you.
To do this, we take your business model and the appropriate VDA category into consideration, as well as the individual scope for the certification you’re aiming for and we provide you with templates for questionnaires, checklists, etc. to simplify and speed up the process.
Developing and maintaining an information security management system (ISMS) is already a complex task. Proving to your business partners that ISMS is up to the job further increases the complexity and the amount of work. However, as a standard in the automotive industry, TISAX® reduces the amount of work through the uniformity of the integrated security level. Furthermore, the secure exchange platform ensures the secure exchange of information regarding your ISMS status, the so-called TISAX® label.
However, achieving this depends on many complex, individual questionnaires per business relationship, and TISAX® certification needs to be renewed every 3 years. We’ll be happy to help you prepare for handling these complex details and to pass the TISAX® audit.
In order to obtain TISAX® certification and be able to prove it long-term, it is necessary to develop an ISMS which guarantees the specifications and the required level (in accordance with ISO 27001). To develop this with you, we record your basic data at the start of our time working together and carry out an audit of the relevant departments to determine what chance your company has of passing the TISAX® certification process. We work out the gaps between “what is” and “what could be” and set up an optimal implementation action plan for you.
To do this, we take your business model and the appropriate VDA category into consideration, as well as the individual scope for the certification you’re aiming for and we provide you with templates for questionnaires, checklists, etc. to simplify and speed up the process.
“An excellent collaborative partnership. This is characterised by the competent, comprehensive data protection advice, which was always geared towards our requirements. It is nice to have data protection officers bringing concrete recommendations for solutions to take us forward instead of constantly only talking about what isn’t possible.”
“Competence – reliability – flexibility! These three characteristics define our experience of working with them. For us, aigner business solutions is the best place to go to take your data protection and IT security to the next professional level in a solutions-oriented way.”
“Sonnleitner Holzbauwerke GmbH & Co. KG has always taken the topic of data protection very seriously, which is why we only work together with extremely competent partners.
Right from the first discussion, aigner business solutions showed that we’d found a reliable partner here. Ever since, our work together has been characterised by trust, openness and mutual appreciation and we’re very happy with the comprehensive service in every respect. As a result, we can’t recommend aigner business solutions highly enough.”
Klaus Müller – commercial director
✔ We implement or update your ISMS so that it meets the required level
✔ We adjust your IT security level so that certification is successful
✔ We create workable plans for achieving the required security level
✔ We support you during the certification process and provide assistance as a consultant
✔ You’ll receive templates, e.g. questionnaires and checklists to make your preparations easier
✔ Aim: to successfully obtain TISAX® certification
Click on the “Make an appointment” button, fill out the contact form with your details and make a suitable phone appointment for a free consultation.
Together we’ll find out how we can help you on your path to TISAX certification.
We identify your basic data, work with you to determine the scope and audit your company to work out whether you meet the standards in place for TISAX certification and supply you with a plan of action.
ISMS processes which do not meet the requirements will be reworked with you in accordance with the plan of action, and you’ll also receive additional start-up support with our standard templates.
We’ll support you with the processes around the certification process and assist you with guidance and resources.
Is the consultation really free?
Yes, it’s completely free and non-binding – it is just an opportunity to get to know each other and to find out if and how we can help you with your issues. You will absolutely not be invoiced for the consultation.
What exactly is TISAX?
In the past few years, the ISA1 list of questions created by the VDA “information security” working group, which is based on major aspects of the international standard ISO/IEC 27001, has become the industry standard for information security in the automotive industry. Now the responsible VDA committees have achieved the formal and content-related prerequisites for establishing a joint testing and exchange process with the designation TISAX2.
TISAX is run by the ENX Association, an amalgamation of European car manufacturers, suppliers and associations, commissioned by VDA4 as a neutral entity. The ENX Association approves auditing service providers in accordance with a strict process, which includes general requirements for auditing service providers and specific requirements for TISAX auditing service providers. ENX also monitors the quality of the implementation and assessment results.
In order to legally safeguard this feature and achieve mutual recognition of assessments by the participants, ENX is entering into appropriate agreements with all approved auditing service providers and with the participants. Thanks to the standardisation and quality monitoring, joint recognition of audit results has been achieved among all the TISAX participants. This will prevent unnecessary double audits or multiple audits.
Do you carry out the certification?
No. The actual TISAX certification is only carried by service providers approved by the ENX association (such as TÜV). Consultation and preparation deliberately take place separately from the actual certification process. But we’ll prepare you for the actual audit as best we can so that you’ll be sure to pass.
How does TISAX work?
The idea behind TISAX: Participants in the process use a common online portal to exchange information on the status of the information security of another participant in the form of results for an assessment which had been carried out.
It’s important to note that not every TISAX participant has automatic access to the assessment results of another participant. The audited company itself gives its express approval on a case by case basis to decide who receives what information within the TISAX network.
Goldener Steig 42 
