TISAX

TISAX® (Trusted Information Security Assessment Exchange) is the automotive industry’s gold standard for information security. Developed by the German Association of the Automotive Industry (VDA) and managed by the ENX Association, TISAX ensures that companies meet rigorous, standardized security requirements—especially when handling sensitive data such as prototypes, customer information, or confidential intellectual property.


At its core, TISAX is based on ISO/IEC 27001, the global benchmark for Information Security Management Systems (ISMS), but goes further by incorporating industry-specific requirements like:


  • Strict confidentiality of development data
  • High availability expectations for connected systems
  • Protection of prototype and production materials


TISAX enables secure collaboration across OEMs, suppliers, tech partners, and service providers.

TISAX uses a system of labels to indicate the specific security assessment objectives a company has achieved. Each label is aligned with concrete protection needs and defined by the VDA ISA (Information Security Assessment) catalog.

Common TISAX labels include:

  • Information Security – High/Very High Availability, (Strictly) Confidential
  • Prototype Protection – Proto parts / vehicles / test vehicles / Proto events
  • Data Protection in accordance with GDPR – Basic / High

If your company wants to work with major automakers, TISAX certification is often a mandatory requirement. It signals that:

  • Your information security meets recognized automotive standards
  • You’ve undergone a rigorous independent audit
  • Your security posture is continuously maintained and shared transparently via the ENX platform

We guide organizations through every step of the TISAX readiness and certification journey:

  • Gap assessments against VDA ISA requirements
  • Implementation of TISAX-compliant policies and controls
  • Audit preparation and support for 


How can we help you?

GAP assessment

Evaluation of an organization's current information security practices against the requirements outlined in the standard, in order to identify gaps or areas where current practices fall short of those requirements.

Implementation

Implementation is a strategic process that organizations undertake to protect their information security practices, with the goal of safeguarding sensitive information and ensuring its confidentiality, integrity, and availability.

Training and education

With training and education, we ensure that personnel at all levels within an organization understand their roles and responsibilities regarding information security.

Maintenance

We help you with the ongoing activities and processes that an organization needs to put in place to ensure the continual effectiveness, relevance and improvement of the system in accordance with the standard.

Certification support

We can help you with the selection of a certification body, support for certification applications, support during the audit, and analysis of findings with proposed remediation.

Internal audit

Internal audits help organizations assess the performance and compliance of their information security processes, identify areas for improvement and ensure ongoing conformity with standard requirements.