What does TISAX® stand for?

TISAX® (Trusted Information Security Assessment Exchange) is a framework developed specifically for the automotive industry to ensure that information security standards and data protection requirements are met in the supply chain. TISAX® includes a set of elements and requirements to ensure information security and data protection in the automotive industry. The main components of TISAX® include:

1. the requirements of information security of TISAX® are based on ISO/IEC 27001:2022 and extends these standards to include specific requirements for the automotive industry.

This includes the known control target of the ISO 27001:2022 confidentiality, integrity and availability of information as well as protection measures for personal data from the EU General Data Protection Regulation GDPR  and customer-specific requirements such as prototype protection.

2. assessment process: TISAX® performs an assessment of information security and data protection measures in companies operating in the automotive supply chain. This assessment is usually performed by accredited TISAX® auditors.

3. The TISAX® requirement catalog has defined maturity level concept in 6 levels (from 0 to 5). Each required messure must be completed with at least "target maturity level 3"

4. protection of personal data: One focus of TISAX® is on the protection of personal data to meet the requirements of the General Data Protection Regulation (GDPR) in the automotive industry. This includes establishing policies and procedures for processing personal data and ensuring its security.

5. classification of security levels: TISAX® uses a security classification with different levels (protection levels) for information and data. This classification helps companies to implement appropriate security measures according to the respective protection needs.

6. exchange of audit results: TISAX® enables the secure exchange of test results between companies and business partners in the automotive supply chain. This promotes transparency and trust with regard to information security and data protection.

7. audit report and certification: After successful completion of the TISAX® assessment, companies receive an audit report containing the identified security deficiencies and recommendations for improvement. If they meet the requirements, they receive TISAX® certification, which entitles them to work with automotive manufacturers and suppliers.

Overall, TISAX® aims to ensure a high level of information security and data protection in the automotive industry while facilitating the exchange of information between companies in the supply chain. It is an important step in ensuring that confidential information and personal data are adequately protected in this industry.

Most of the OEM an 1st tier suppliers require the implemtation of TISAX in there entire Supply-Chain.