TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants. If you want to process sensitive information from your customers or evaluate the information security of your own suppliers, TISAX helps you reduce the effort involved.

MAIN FEATURES

Recognition:

Recognition of TISAX assessments and their regular three-year validity help to avoid effort as well as duplicate assessments.

Utilization at eye level:

Each participant decides for itself to whom results will be revealed and to what degree of detail. At the same time, the participating company can also use its own results for its own risk management.

Standardized exchange mechanism:

Central exchange processes provide uniform proof of information security.

Free choice of audit provider:

TISAX creates competition among audit providers and allows joint recognition of assessment results among TISAX participants.

TISAX AUDIT PROVIDER

TISAX enables audit providers to compete in offering mutually accepted assessments based on the VDA ISA catalogue. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry.

EXCHANGING ASSESSMENT RESULTS

The exchange of assessment results within TISAX is restricted to registered participants. It takes place only after the assessed company has explicitly released the results to an inquiring company, and only in the form of standardized summaries (TISAX Report).

JOINT TISAX ASSESSMENT MECHANISM

The VDA Information Security Assessment (VDA ISA) is an information security requirements catalogue based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes and for assessments by suppliers and service providers who process sensitive information from their respective companies. Since 2017, TISAX has established a common assessment and exchange mechanism for information security audits in accordance with VDA ISA, which is already being used by more than 2,500 companies in more than 40 countries.

GOVERNANCE BY ENX

ENX maintains the Criteria and Requirements (ENX TISAX ACAR). It approves audit providers and monitors the quality of implementation as well as the assessment results. ENX is supported by the TISAX Committee, consisting of representatives of manufacturers, suppliers and associations. Legally, the control function is protected by a contract structure in which ENX holds contracts with all stakeholders, including the audit providers and the participants. This ensures that the results correspond to the desired objectivity and quality. The rights and duties of all participants – small or large – are respected...

PARTICIPATION INFORMATION

TISAX participants can take on two roles: providing and/or accessing assessment information. Active participants are assessed and provide the respective assessment result to other participants via TISAX Exchange. Passive participants can request assessment results of other participants through TISAX Exchange and access those results via the platform when the request has been confirmed. Every participant can assume both roles at the same time according to its needs. TISAX does not differentiate between these roles.

These are the four steps to successfully use TISAX:

  • Registration (TISAX Participant & TISAX Assessment Scope)
  • Selection of an audit provider
  • Undergoing a TISAX assessment
  • Exchange of the assessment results with existing and potential partners within TISAX

REGISTRATION SCHEMES