Trusted Information Security Assessment Exchange (TISAX)
Nowadays, information and data are valuable assets worth protecting. They are often referred to as the ressources of the digital world – hence it is important that companies establish systems to maintain confidentiality, availability and integrity of information assets at all internal and external areas, e.g. when working or collaborating with customers and suppliers. For this, there are numerous standards and audit principles in all industries – in the automotive industry, TISAX was launched in 2017 as an assessment and exchange mechanism. Nonetheless, implementing an information security management system (ISMS) that meets all of the needed requirements is often very complex. Our automotive industry experienced audit-experts with expertise in the fields of information security, IT and cyber security will support you on this way.
What is TISAX?
TISAX is an assessment and exchange mechanism for maintaining information security within companies. Above that TISAX is the basis of the cooperation of automotive original equipment manufacturers (OEMs) and suppliers. Considering that, ENX acts as a neutral governance organization and provides the platform for the exchange of TISAX labels. ENX was chosen to monitor and maintain the audit service provider criteria and audit requirements by the German Association of the Automotive Industry (VDA) – the national association of automotive manufacturers and suppliers. Furthermore, the VDA provides and develops the audit catalogue: the VDA ISA (Information Security Assessment). This catalogue summarizes the general requirements for an ISMS, which are essentially based on the international standards of the ISO/IEC 27000 family.
(2,500 participants, > 40 countries, 12 audit providers)
What are your benefits from participating in TISAX?
A TISAX label is a competitive advantage for companies in different locations when receiving OEM-inquires. Furthermore your company doesn’t need to fulfill multiple, parallel or consecutive audit requests from different OEMs or customers anymore – making double and multiple assessments of the same branches obsolete. Therefore the TISAX assessment can save your time and money.
TISAX also enables mutual acceptance of information security assessments in the automotive industry and provides a common evaluation and sharing mechanism. However, the TISAX assessment result remains under full control of the assessed company. You decide what, how much and when to share with other TISAX participants.
Your advantages at a glance
- Industry-wide and mutual recognition of TISAX assessment results
- Full control over the assessment results as the audited company
- No multiple inspections, not even by different clients
- Price transparency in comparing audit service providers due to the standardized procedure
How can we support you?
Forvis Mazars supports you entirely – organizationally, administratively and technically – in the process of obtaining the required TISAX label! In doing so, Forvis Mazars can compile, rework or "refresh" the ISMS topics such as information security, data protection, IT, physical security and, if necessary, prototype protection. Furthermore, our Forvis Mazars experts accompany you operationally during the TISAX assessment, ensuring that your company is prepared for receiving the required TISAX label.
Our approach in four stages:
Stage 0: Preparation
We support you in the initial preparation phase:
- Identification of roles within the company and/or location that are relevant to the audit,
- Consolidation of existing ISMS documentation and/or preparation of missing documentation,
- Preparation of the site for the audit,
- and, if necessary, coordination and preparation other required artefacts.
This is how you can get started in this complex and interdisciplinary topic with the help of Forvis Mazars, as a single point of contact.
Stage 1: Test Audit
In the first mainstage, Forvis Mazars will complete the VDA ISA questionnaire with you. Consequently, we conduct a test audit on-site to ensure that no requirements are left out for the TISAX audit.
Following this approach, your security-relevant management systems and processes are prepared and tested for the TISAX audit.
Stage 2: TISAX Audit Accompaniment
In the crucial stage of your TISAX project, we can:
- represent the company as mandated external information security officer and act to the TISAX auditor as the principal respondent,
- or support your own information security officer.
As a result, your daily operations and business processes are not interrupted due to the TISAX assessment, as our experts have extensive experience as auditors as well as auditees themselves.
Stage 3: Closure
In the final stages, further auditor requests are executed and the audit result (audit report) will be validated – if necessary, also discussed with the auditor. In the end-to-end service we accompany you until the TISAX label is finally available on the ENX platform and you can share it with your customers.
By obtaining the TISAX label, your company is well prepared for future orders from automotive OEMs or suppliers. Additionally, cost intensive multiple work and auditing processes are unnecessary.
For further information or an initial consultation, please feel free to contact us.