TISAX

What is TISAX?

TISAX (Trusted Information Security Assessment Exchange) is a standard for information security, especially for the automotive industry. Based on ISO/IEC 27001, it takes industry-specific requirements into account. TISAX is managed by the ENX Association, a consortium of automotive stakeholders. Companies share their TISAX assessment results to avoid repeated audits. Many automotive manufacturers require a TISAX assessment to work with suppliers.

What is it about?

TISAX is an industry-specific standard for information security in the automotive industry that is based on international standards and assesses the security measures of suppliers and partners. The ENX Association, a consortium of automotive stakeholders, is responsible for the administration of TISAX.

Who is affected?

The following groups are mainly affected by TISAX:

• Automotive manufacturers: They often make TISAX a prerequisite for collaboration with suppliers and service providers.

• Suppliers and service providers to the automotive industry: They often have to undergo a TISAX assessment to prove their compliance with the security requirements.

• The TISAX requirements may also affect third parties who work with sensitive information or technologies from the automotive industry.

Basic elements of TISAX:

• 1. scope definition: definition of the scope of the assessment, depending on the specific requirements of the organisation.

• 2. information security: Based on the ISO/IEC 27001 standard, but with specific adaptations for the automotive industry.

• 3. protection of prototypes: Specific requirements for the protection of physical and electronic prototypes.

• 4. access control: ensuring that only authorised persons have access to relevant information and resources.

• 5. data processing: requirements for the secure processing and storage of data.

• 6. third party management: assessing and managing security risks associated with third party vendors and suppliers.

• 7. emergency management: preparing for and responding to security incidents and breaches.

• 8. continuous improvement: regular review and updating of the information security management system.

• 9. transparency and sharing: organisations can share their TISAX assessment results with others to reduce the assessment effort.

• 10. independent assessment: TISAX assessments are conducted by accredited assessment organisations recognised by the ENX Association.

These elements form the framework of TISAX and help organisations in the automotive industry to ensure a high level of information security.

Advantages/opportunities?

• 1. standardisation: TISAX enables a uniform assessment of information security, which facilitates comparison and exchange between companies.

• 2. efficiency: by sharing TISAX assessment results, repeated audits and assessments can be avoided, saving time and resources

• 3. risk minimisation: a standardised security system reduces the risk of data loss, breaches and other security-related incidents.

• 4. industry acceptance: TISAX is recognised by many leading players in the automotive industry and is often required as a prerequisite for business relationships.

• 5. reputation protection: TISAX compliance can strengthen the trust of partners, customers and other stakeholders.

Opportunities:

• 1. competitive advantage: companies that are TISAX compliant can gain an advantage over competitors that do not meet this standard.

• 2. access to new markets: Some automotive manufacturers and suppliers require TISAX compliance, which can give companies access to new business opportunities.

• 3. continuous improvement: regular review and updating under TISAX can help companies to constantly optimise their security practices.

• 4. stronger partnerships: a common understanding and language of information security can strengthen co-operation between companies in the supply chain.

In summary, TISAX offers companies in the automotive industry not only a framework for improved information security, but also strategic advantages in a highly competitive market.

Structure of TISAX?

TISAX (Trusted Information Security Assessment Exchange) is a standardised assessment and exchange process for information security in the automotive industry. The structure of TISAX is based on existing standards, in particular ISO/IEC 27001, but is specifically tailored to the requirements of the automotive industry. Here is an overview of the structure of TISAX:

• 1. assessment level: TISAX defines different assessment levels that determine the scope and depth of the assessment.

• 2. protection requirement classes: These classes indicate the protection needs of information and determine which security measures are required.

• 3. assessment areas: TISAX includes various assessment areas, including:
  a. Information security
  b. Protection of prototypes
  c. Connection to third-party providers
  d. Data protection (in certain cases)

• 4. self-assessment: organisations can conduct a self-assessment to determine their current level of information security.

• 5. Formal assessment: Accredited assessment organisations conduct a formal assessment to verify compliance with TISAX requirements.

• 6. exchange of results: organisations can share their TISAX results with other organisations via the TISAX Exchange.

• 7. validity period: TISAX assessments have a limited validity period, after which a new assessment is required.

• 8. continuous improvement: organisations are encouraged to regularly review and improve their security measures to meet TISAX requirements.

• 9. accredited assessment organisations: Only assessment organisations recognised by the ENX Association are allowed to conduct TISAX assessments.

The TISAX standard thus provides a structured framework for the assessment and improvement of information security in the automotive industry.

The experts at BFMT have the necessary qualifications and know-how to provide you with optimum support in this area and to prepare you for the assessment by an ENX Association-accredited organisation.