TISAX Trusted Information Security

Trusted Information Security Assessment Exchange

TISAX® is an automotive industry standard for handling confidential information and data and protecting prototypes.

Having successfully guided previous clients through their TISAX certification, we are well prepared to help your company achieve TISAX compliance.

TISAX, or Trusted Information Security Assessment Exchange, is a standard for information security in the automotive industry. It was developed by the German Association of the Automotive Industry (VDA) and is based on the international standard ISO-27001.


What is TISAX?
TISAX is a standard that defines the requirements for information security in the automotive industry. It covers areas such as data protection, IT security, and the handling of confidential information. The goal of Trusted Information Security Assessment Exchange is to ensure that all companies in the automotive industry have a consistent level of information security.


Why do businesses need to care about TISAX?

TISAX is a requirement for suppliers who work with the German automotive industry and handle sensitive information, regardless of size or location. This sensitive information includes any data that can identify individuals or vehicles, such as customer data, employee data, and technical specifications.


TISAX is applicable to all organizations that do business with most of the major players in the German automotive industry, including suppliers of automotive parts and components, as well as providers of IT services and software.

What are the different assessment levels?

Depending on the sensitivity of the information your organization handles, you will be subject to a more or less rigorous assessment. The more sensitive the data, the more rigorous the assessment.

1. Assessment Level 1 (not certifiable)

  • Only for internal purposes in the sense of a self-assessment
  • The auditor only checks the completeness of the self-assessment
  • No assessment of the content of the self-assessment
  • No evidence or proof is recorded

2. Assessment Level 2

  • Plausibility check of the self-assessment (all sites in scope)
  • Sample review of evidence, including interviews of individuals
  • Usually conducted remotely by teleconference; in person on site only on request
  • Usually no site visit; one takes place only under special circumstances

3. Assessment Level 3

  • Comprehensive verification of your company’s compliance
  • Verification of the results of the self-assessment through in-depth on-site verification and personal interviews




Author: Severine Petersen, Data Protection Officer