Contact
Back

TISAX: Security Certification for the Automotive Industry

Image Slider

January 12, 2023

Information security has become much more than just a necessity. In many sectors, such as the automotive industry, security certification establishes a standard for protective measures that guarantees the recognized integrity of information systems to suppliers and customers.

ENX is an association of automotive manufacturers that brings together companies such as Audi, BMW, Bosch, Continental, Daimler, DGA, Ford, Magna, PSA Peugeot Citroën, Renault, Volkswagen, ANFAC (Spain), GALIA (France), SMMT (United Kingdom), and VDA (Germany), and monitors the performance of certified service providers in the sector.

TISAX (Trusted Information Security Assessment Exchange) certification is one such certification that manufacturers are increasingly requiring from their suppliers who wish to collaborate with ENX entities. TISAX enables its members to obtain a standardized assessment of their information security level, resulting in a security rating recorded on its dedicated digital platform. All information requested by members is handled in a completely confidential and secure manner.

Benefits of TISAX Certification

Some of the benefits of this certification include:

  • Enhanced credibility through certification of your information system.
  • Recognition among TISAX members.
  • Have robust strategies in place for better risk management.
  • Transparency thanks to the harmonized VDA ISA catalog.
  • Focus on your customers' needs and expectations.
  • Internationally recognized certification on the TISAX online platform.
  • Full control over who can access your assessment results.
  • TISAX assessment every three years.

What is your role?

Participating organizations can take on two types of roles:

  • Passive participant: Ask another company to undergo the assessment, then request access to the results.
  • Active Participant: Allows the candidate to take the assessment and then grant access to their results to selected partners.

How can I assess my security level?

To participate, just follow these three simple steps:

  1.  Registration: Your selected TISAX service provider will collect information about your organization and determine the scope of the assessment.
  2. Assessment: These are assessments conducted by a certified auditing body.
  3. Sharing: The results, as well as the certifications, will be shared exclusively with designated partners.

What does the assessment involve?

It should be noted that the assessment is based on the requirements ofthe VDA ISA catalog,which focuses on three criteria: information security, prototype protection, and data protection.

The objectives of the evaluation are as follows:

  • Protection of prototype parts and components.
  • Protection of prototype vehicles.
  • Handling of vehicles and test components.
  • Protection of prototypes during events, film shoots, and photo shoots.

The TISAX model and the ISO 27001 standard

The assessment is based on theVDA Information Security Assessment (CDA ISA) test catalog, which is itself based on the ISO/IEC 27001 or ISO/IEC 27002 requirements, expanded to include those specific to the automotive sector.

However, if an organization wished to obtain ISO 27001 certification, it would have to do so separately.

 

Are you interested in this topic, or would you like to prepare as thoroughly as possible for your TISAX orISO 27001 audit? Follow us onSCASSI Cybersecurity’ssocial media channels to stay up to date on our latest news, and feel free to contact us with any questions. We’re here to help!