TISAX | Information security for the automotive industry


What is TISAX?

TISAX stands for the Trusted Information Security Assessment Exchange.

Founded in 2000, ENX Association is an umbrella organization for the automotive industry. Its members range from big manufacturers to suppliers, subcontractors, and service providers. ENX includes all the links in the automotive industry’s supply chain.

ENX’s mission is to face the challenges of the digital age, some of which result from Industry 4.0. To do this, ENX has published standards for data protection, information security, privacy protection, and product security.

ENX established a network of suppliers and listed them in a shared registry with documentation regarding their information security level. This makes it easy for companies looking for suppliers and service providers to choose suppliers who meet the data protection standard.

So far, around 2,500 companies from 40 states have joined the registry.

Information security for the automotive industry:

If your car has Bluetooth, Wi-Fi, apps, and cameras, you are driving a computer on wheels. This means that all the data security risks that apply to computers also apply to your vehicle, with all the safety implications that entails.

Business and manufacturing processes are primarily information-based, and IT systems must be secure. Data protection principles must be followed in every step of the process in your organization and in all the other organizations that factor into your supply chain.

The automotive industry has a lot to gain from the internet and the globalization of the digital age, but it also faces ever-growing risks. To address those risks, security measures must be put in place. This is why digitizing business processes outside your organization requires that all parties throughout the value chain have similar security levels.

 

Who has to comply with the standard?

TISAX applies to developers, manufacturers, and service providers who are part of the automotive industry’s supply chain.
To join the TISAX registry, a company must meet a standard called ISA, developed by the German Association for the Automotive Industry, VDA. Based on the same principles as ISO 27001, ISA requires that companies have an information security management system (ISMS). It also sets out a list of requirements specific to the automotive industry. These are divided into three categories:

  1. Data protection.
  2. Secure product development.
  3. Privacy protection.

 

Process overview:

  1. A requirement is received from a business partner.
  2. The business partner decides the scope and chooses the assessment method based on the parameters of their risk assessment and the interfaces between their company and yours. The scope does not only affect the assessment method and how comprehensive it is; it also affects the criteria of the assessment itself.
  3. There are two processes for assessing the maturity of your ISMS based on the ISA index:
    • Level 1: self-assessment. This means you fill out a questionnaire independently. An external reviewer will check your self-assessment, but you will not be audited or asked to provide further evidence of your compliance. Because this assessment level is the least reliable, it will not grant you a TISAX membership.
    • Level 2: external assessment. The assessor will verify your self-assessment by conducting online interviews and reviewing the evidence you provide. This level usually does not include an on-site in-person audit unless the assessment includes prototype parameter criteria.
    • Level 3: on-site assessment.

     * A number of companies worldwide are qualified to conduct assessments.

     If compliance gaps are found during the assessment, you will have nine months from the assessment date to take corrective action.

  4. After the assessment, you may register with TISAX.
  5. Certification renewal: your certification will be valid for three years. If you still need to be certified after three years, you will have to go through the entire process again.

[Figure: the self-assessment matrix and maturity level thresholds]

Support from a cybersecurity and information security expert:

Our consultants have vast experience with information security and have had CISO training. We have supported many dozens of organizations through the process of setting up an information security system that complies with strict international standards. Equipped with a broad range of tools, our team specializes in providing real value and ensuring full regulatory compliance. With our CISO-as-a-service offering, you can get a unique solution tailored to your needs, resources, and field of business.

Why choose Hermeticon:

360° Cybersecurity & information security support

We provide technological solutions informed by legal expertise, combined with a deep understanding of organizational change and security awareness training.

Cybersecurity and information security solutions

We can identify and provide the right tech solutions for your organization.

Support from our resilience testing division

Our resilience testing experts have a wealth of experience and are well-versed in the most advanced security systems on the market.

A bespoke service scaled to match your needs

Over the years, we have gained a lot of experience. By taking a bird's-eye view of your business, we can identify your existing security weaknesses and provide your company's management with valuable insights.