TISAX® consultants

TISAX® – Information Security for the Automotive Industry

AvISO is an industry-leading expert in TISAX® and helps you implement and maintain TISAX® – Information Security for the Automotive Industry. With offices in London, Kent, and Ireland, we provide global consultancy, training and software solutions that support everyone from sole traders to multi-national organisations, ensuring they achieve the most from their UKAS Accredited Certification to TISAX®.

Requirements: TISAX® – Information Security for the Automotive Industry

in brief

TISAX, or Trusted Information Security Assessment Exchange, is a critical standard for information security within the automotive industry. As organisations increasingly handle sensitive and confidential information, adhering to TISAX standards ensures robust security measures that are crucial for business operations and partnerships. This guide aims to demystify the process of identifying your TISAX assessment level, linking objectives to ISA criteria, and making informed decisions that align with your organisational goals and security needs. Whether you are new to TISAX or looking to refine your current practices, this step-by-step approach will help you navigate through the complexities of TISAX certification and secure your place in the automotive supply chain.

Increasingly, companies in the automotive industry are requesting that suppliers prove defined levels of sensitive information and prototype protection.

Standards such as ISO 27001 Information security management systems (ISMS) and their implementations help companies to securely handle confidential information. Such a standard saves you from having to reinvent the wheel. More importantly, standards provide a common basis when two companies need to exchange confidential data.

The automotive industry has used ISO 27001 to define standards that cater for its more specific needs. The “Verband der Automobilindustrie” (VDA) is one of them. The result of their joint efforts is a questionnaire that covers the automotive industry's widely accepted information security requirements. It is called the “VDA Information Security Assessment” (VDA ISA).

Once you have completed the VDA ISA, you can apply for TISAX® certification. TISAX® labels state that your information security management system fulfils a defined set of requirements. TISAX® labels make TISAX®-related communication with your partner and your TISAX® audit provider easier because they demonstrate that your information security management system complies with their specific requirements.

AvISO helps companies in the automotive industry achieve both ISO 27001 and TISAX®. Our consultants will work with you to help you understand the assessment process and ensure that your ISMS meets the requirements of both ISO 27001 and the VDA ISA assessment.

why work with AvISO

  • AvISO has a 100% success rate of achieving UKAS accredited certification for our clients
  • AvISO has experience with a wide selection of ISO standards, so can offer tried and tested advice on their implementation and integration
  • We are recommended by all the major Certification Bodies for ISO Consultancy
  • AvISO has built excellent relationships with Cranfield Universities
  • Our exceptional in-house team of ISO BS 8900 Consultants, working closely with a rigorously selected group of Technical Experts, ensures you receive the best possible service whatever your project.
  • Our proven software solution is designed to provide a simple, efficient, and effective platform to manage all your compliance requirements. 
  • We are the only UK company to publish all our Legal Registers freely and provide free, no-obligation updates to anyone who requests them.

Identifying your TISAX Level

The step-by-step guide to setting objectives

Step-by-Step Guide to Identify Your TISAX Level

Understanding TISAX – How to Determine Your TISAX Objectives and Assessment Level (AL)

TISAX is a standard for information security in the automotive industry, helping organisations manage and protect sensitive and confidential information. Achieving the right TISAX level ensures you meet industry-specific security requirements, which is crucial for conducting business within the automotive sector.

Step 1: Familiarise Yourself with the Assessment Objectives

TISAX outlines a set of assessment objectives (listed below) covering various aspects of information security. These objectives range from general information security management to specific areas like prototype protection and compliance with data protection regulations such as the GDPR. Your first task is to review these objectives thoroughly. Understanding these will help you pinpoint the areas that are most relevant to your organisation's operations and risks.

Step 2: Link Objectives to ISA Criteria

Each TISAX assessment objective (listed below) is linked to specific criteria within the Information Security Assessment (ISA) catalogues. These catalogues contain control questions and requirements that detail what is expected from your information security practices. It's important to understand that not every criterion applies to all objectives. Identify the criteria relevant to your chosen objectives to focus your preparation efforts effectively.

Step 3: Understand How Objectives Translate into TISAX Labels

Successful assessment against your chosen objectives will earn you TISAX labels. These labels are a shorthand for the level of information security your organisation maintains. Some objectives—and thus labels—are hierarchical. Achieving a higher-level objective may automatically qualify you for related, lower-level labels, offering a clear way to communicate your security posture to partners and customers.

Step 4: Making an Informed Objective Selection

If your business partners haven't specified which objectives you need to meet, choose based on your own security posture and future aspirations. Aim for objectives that reflect your current practices and anticipate future requirements. Consider factors like the types of information you handle, your role in the automotive supply chain, and potential future partnerships. This proactive approach ensures you're not just compliant but competitively positioned.

Step 5: Match Protection Needs to Assessment Levels

TISAX categorises information according to three levels of protection needs—normal, high, and very high—with corresponding assessment levels (ALs) to match. Assess the sensitivity of the information you handle against these levels. This will guide you in enhancing your security practices to meet or exceed the necessary AL, ensuring that your handling of sensitive information is adequately secure.

Step 6: Evaluate Your Suppliers

Your TISAX assessment doesn't automatically extend to your suppliers. You'll need to evaluate your suppliers' information security practices individually, determining if they meet the requirements for conducting business with you. This step is crucial for maintaining a secure supply chain and preventing any security lapses from affecting your operations.

Conclusion and Next Steps

Identifying the correct TISAX level for your organisation is a critical step in securing your operations and ensuring compliance with industry standards. Start by familiarising yourself with TISAX objectives, linking these to ISA criteria, understanding how these translate into TISAX labels, and selecting your objectives thoughtfully. Remember to align your protection needs with the appropriate assessment levels and extend your security considerations to include your suppliers.

As you embark on this journey, keep in mind that TISAX is not just a certification but a commitment to maintaining a high standard of information security that benefits your organisation, your partners, and the entire automotive supply chain.

ask a question

If you would like to know more about ISO Standards, Certification and the value a good management system can add to your business, we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
