TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants. If you want to process sensitive information from your customers or evaluate the information security of your own suppliers, TISAX supports you in reducing efforts.

MAIN FEATURES

Recognition:
Recognition of TISAX assessments and their regular three-year validity help to avoid effort as well as duplicate assessments.

Utilization at eye level:
Each participant decides for himself to whom results will be revealed and to what degree of detail. At the same time, the participating company can also use its own results for its own risk Management.

Standardized exchange mechanism:
Central exchange processes provide uniform proof of information security.

Free choice of audit provider:
TISAX creates competition among audit providers and allows a joint recognition of assessment results between TISAX participants.

JOINT TISAX ASSESSMENT MECHANISM

The VDA Information Security Assessment (VDA ISA) is an information security requirements catalogue based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.

Since 2017, TISAX, the Trusted Information Security Assessment Exchange, has established a common assessment and exchange mechanism for information security audits in accordance with VDA ISA, which is already being used by more than 1.000 companies in more than 40 countries. Currently, five audit providers accredited by ENX Association offer TISAX assessments. ENX Association is the operator of TISAX and entrusted with the implementation as a neutral authority by the VDA.

GOVERNANCE BY ENX

ENX maintains the accreditation criteria and assessment requirements (“TISAX ACAR”). It accredits audit providers and monitors the quality of implementation as well as the assessment results. ENX is supported by the TISAX Committee, consisting of representatives of manufacturers, suppliers and associations. Legally, the control function is protected by a contract structure in which ENX holds contracts with all stakeholders, including the audit providers and the participants. This ensures that the results correspond to the desired objectivity and quality. The rights and duties of all participants – small or large – are respected... Read more

PARTICIPATION INFORMATION

TISAX participants can embody two roles: providing and/or accessing assessment information. Active participants are assessed and provide the respective assessment result to other participants via TISAX Exchange. Passive participants can request assessment results of other participants through TISAX Exchange and access those results via the platform when the request has been confirmed. Every participant can assume both roles at the same time according to its needs. TISAX does not differentiate between these roles.

These are the four steps to successfully use TISAX:

  • Registration
  • Selection of an audit provider
  • Undergoing a TISAX assessment
  • Exchange of the assessment results with existing and potential partners within TISAX

REGISTRATION SCHEMES

REGISTRATION

Registration is a prerequisite to participate in TISAX. As a registered Participant, your company can:

  • commission assessments and have them carried out by accredited audit providers
  • share results with other Participants from assessments performed
  • access results shared with your company by other Participants.
Register a new TISAX Account

TISAX SIGN IN

Your company is already registered in TISAX, please use the Sign In on the ENX Portal.

Sign In

AUDIT PROVIDER SELECTION BY THE PARTICIPANT

TISAX enables that accredited audit providers offer mutually accepted assessments based on the VDA ISA catalogue in competition. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry. This is enabled by an assessment system featuring distinct scopes of services which is equally suitable for all enterprises along the entire value-creation chain of the automotive industry.

Clearly defined packages allow for economical assessments aligned to the individual protection needs.

TISAX ACCREDITED AUDIT PROVIDER

Currently, there are five TISAX-accrededited audit providers performing assessments all over the world:

  • Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft
  • KPMG AG Wirtschaftsprüfungsgesellschaft
  • operational services GmbH & Co. KG
  • PwC Certification Services GmbH
  • TÜV Rheinland i-sec GmbH

The following audit providers are about to complete the TISAX accreditation and can already conduct TISAX assessments:

  • DEKRA Certification GmbH
  • Deloitte Certification Services GmbH 
  • DQS BIT GmbH
  • TÜV NORD CERT GmbH

ACCREDITATION AS AUDIT PROVIDER

The ENX TISAX accreditation is based on a framework of Accreditation Criteria and Assessment Requirements (ENX TISAX ACAR). These criteria consist of two parts:

  • Part A: General requirements on audit providers
  • Part B: Specific requirements for ENX TISAX Audit Providers

Get in touch with us via email tisax-accreditation@enx.com, if you want your enterprise to become accredited as a TISAX audit provider. We gladly inform you about the requirements and the process flow in detail.

EXCHANGING ASSESSMENT RESULTS

The exchange of assessment results within TISAX is merely exclusive for registered participants and only takes place after explicit release of the results by the assessed company for an inquiring company in form of standardized summaries (TISAX Report). The scope of the information provided is based on the requirements of the requesting participant.