In the past few years, the ISA1 list of questions created by the VDA “information security” working group, which is based on major aspects of the international standard ISO/IEC 27001, has become the industry standard for information security in the automotive industry. Now the responsible VDA committees have achieved the formal and content-related prerequisites for establishing a joint testing and exchange process with the designation TISAX2.
TISAX is run by the ENX Association, an amalgamation of European car manufacturers, suppliers and associations, commissioned by VDA4 as a neutral entity. The ENX Association approves auditing service providers in accordance with a strict process, which includes general requirements for auditing service providers and specific requirements for TISAX auditing service providers. ENX also monitors the quality of the implementation and assessment results.
In order to legally safeguard this feature and achieve mutual recognition of assessments by the participants, ENX is entering into appropriate agreements with all approved auditing service providers and with the participants. Thanks to the standardisation and quality monitoring, joint recognition of audit results has been achieved among all the TISAX participants. This will prevent unnecessary double audits or multiple audits.