TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants. If you want to process sensitive information from your customers or evaluate the information security of your own suppliers, TISAX supports you in reducing efforts.

MAIN FEATURES

Recognition:
Recognition of TISAX assessments and their regular three-year validity help to avoid effort as well as duplicate assessments.

Utilization at eye level:
Each participant decides for himself to whom results will be revealed and to what degree of detail. At the same time, the participating company can also use its own results for its own risk Management.

Standardized exchange mechanism:
Central exchange processes provide uniform proof of information security.

Free choice of audit provider:
TISAX creates competition among audit providers and allows a joint recognition of assessment results between TISAX participants.

JOINT TISAX ASSESSMENT MECHANISM

The VDA Information Security Assessment (VDA ISA) is an information security requirements catalogue based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.

Since 2017, TISAX, the Trusted Information Security Assessment Exchange, has established a common assessment and exchange mechanism for information security audits in accordance with VDA ISA, which is already being used by more than 1.000 companies in more than 40 countries. Currently, ten audit providers approved by ENX Association offer TISAX assessments. ENX Association is the operator of TISAX and entrusted with the implementation as a neutral authority by the VDA.

GOVERNANCE BY ENX

ENX maintains the Criteria and Requirements (ENX TISAX ACAR). It approves audit providers and monitors the quality of implementation as well as the assessment results. ENX is supported by the TISAX Committee, consisting of representatives of manufacturers, suppliers and associations. Legally, the control function is protected by a contract structure in which ENX holds contracts with all stakeholders, including the audit providers and the participants. This ensures that the results correspond to the desired objectivity and quality. The rights and duties of all participants – small or large – are respected... Read more

PARTICIPATION INFORMATION

TISAX participants can embody two roles: providing and/or accessing assessment information. Active participants are assessed and provide the respective assessment result to other participants via TISAX Exchange. Passive participants can request assessment results of other participants through TISAX Exchange and access those results via the platform when the request has been confirmed. Every participant can assume both roles at the same time according to its needs. TISAX does not differentiate between these roles.

These are the four steps to successfully use TISAX:

  • Registration (TISAX Participant & TISAX Assessment Scope
  • Selection of an audit provider
  • Undergoing a TISAX assessment
  • Exchange of the assessment results with existing and potential partners within TISAX
REGISTRATION SCHEMES
REGISTRATION

Registration is a prerequisite to participate in TISAX. As a registered Participant, your company can:

  • commission assessments and have them carried out by approved audit providers
  • share results with other Participants from assessments performed
  • access results shared with your company by other Participants.
Register a new TISAX Account
TISAX SIGN IN

Your company is already registered in TISAX, please use the Sign In on the ENX Portal.

Sign In

AUDIT PROVIDER SELECTION BY THE PARTICIPANT

TISAX enables that audit providers offer mutually accepted assessments based on the VDA ISA catalogue in competition. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry. This is enabled by an assessment system featuring distinct scopes of services which is equally suitable for all enterprises along the entire value-creation chain of the automotive industry. Clearly defined packages allow for economical assessments aligned to the individual protection needs. Participants will receive the most recent list of TISAX audit providers and corresponding contact data after a successful scope registration.

TISAX AUDIT PROVIDER

The following TISAX audit providers performing assessments all over the world:

  • Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft
  • KPMG AG Wirtschaftsprüfungsgesellschaft
  • operational services GmbH & Co. KG
  • PricewaterhouseCoopers (PERSICON cert GmbH)
  • TÜV Rheinland i-sec GmbH

The following audit providers are in completion of the TISAX process and do already conduct TISAX assessments:

  • Bureau Veritas Certification
  • DEKRA Certification GmbH
  • Deloitte Certification Services GmbH
  • DQS BIT GmbH
  • TÜV NORD CERT GmbH
  • TÜV SÜD Management Service GmbH
Approval AS AUDIT PROVIDER

TISAX assessments and admission of audit providers are based on a framework of Criteria and Requirements (ENX TISAX ACAR). These criteria consist of two parts:

  • Part A: General requirements on audit providers
  • Part B: Specific requirements for ENX TISAX Audit Providers

Contact tisax-ap@enx.com if you want your enterprise to become a TISAX audit provider. We gladly inform you about the requirements and the process flow in detail.

EXCHANGING ASSESSMENT RESULTS

The exchange of assessment results within TISAX is merely exclusive for registered participants and only takes place after explicit release of the results by the assessed company for an inquiring company in form of standardized summaries (TISAX Report). The scope of the information provided is based on the requirements of the requesting participant.