FAQ

What do companies need to consider with TISAX?

Companies that work with, or want to work with, the automotive industry should implement an ISMS that is specifically tailored to that industry, is based on ISO 27001:2022, and meets additional requirements for data protection and the protection of prototypes.

There are three basic assessment levels, or requirement types, within TISAX®. The level is determined by the protection needs of the information exchanged between the individual companies. Depending on whether the need for protection is classified as normal (level 1), high (level 2) or very high (level 3), the audit uses different methods and requires a different amount of effort. The scope of the audit and the effort required increase with each level:

Level 1: Basic test: self-assessment. 

Level 2: A test provider accredited by the ENX Association takes part in the test; the test provider examines the self-assessment, performs a plausibility check and asks questions.

Level 3: The test provider checks the self-assessments and the management system on site.

In general, the first step is to check which security aspects must be covered; the information security audit is mandatory. Whether data protection and prototype protection are examined depends on the business activity and services of the respective company. In addition, standard and general security requirements must be met. The level may also depend on what customers require for a possible cooperation. This means that the higher the level achieved, the better the company's chances of winning orders.