TISAX Certification

TISAX®-Label | Bureau Veritas

More information security for suppliers and service providers in the automotive industry

As digitalisation continues to advance, the demands on data protection and information security are growing at the same time - this is particularly relevant for the automotive industry. Companies that work with partners from the automotive industry as suppliers or service providers must fulfil industry-specific information security requirements and also regularly provide evidence of this. The TISAX® (Trusted Information Security Exchange) standard from the VDA-ISA catalogue, which has been valid since 2018, standardises the requirements for suppliers and service providers in the automotive industry and supports companies in:

  • continuous improvement of the information security management system (ISMS)
  • time and cost savings thanks to standardisation: time-consuming multiple audits are eliminated
  • industry-wide recognition
  • meeting customer requirements & improved market access
  • strengthening trust in already established business relationships

INFORMATION PROTECTION ALONG THE ENTIRE SUPPLY CHAIN

Based on the standardised international industry norm ISO/IEC 27001, the German Association of the Automotive Industry (VDA), with the support of the ENX Association, has created TISAX®, a catalogue of requirements specifically tailored to the value chain of the automotive industry. Especially in the automotive industry, where sensitive information and data are exchanged between suppliers, vendors and OEMs, information security must be guaranteed along the entire supply chain. Through a TISAX® assessment, companies can prove that they meet the high automotive-specific requirements for information security, thus ensuring a uniform mutual security level for sensitive information. As soon as a company has demonstrably implemented all information security requirements, it receives the official TISAX® label. Bureau Veritas Certification accompanies you competently and reliably through the entire TISAX® assessment process.

INTERNATIONAL SEAL OF APPROVAL: HOW YOU CAN BENEFIT FROM THE TISAX® LABEL

Until recently, service providers and suppliers were subjected to internal audits according to ISO/IEC 27001 by the automotive industry. This meant that they had to undergo several identical audit processes at fairly short intervals, depending on the customer's requirements. This costly and time-consuming method is no longer necessary with TISAX®: thanks to the catalogue of requirements based on common audit and exchange mechanisms, all standards are optimally covered and GDPR-compliant.

With a TISAX® label, you show your customers that you are excellently positioned in terms of information security. You receive an industry-wide and internationally recognised label for trustworthiness and seriousness and thus gain a competitive advantage. Many OEMs and also TIER 1 companies already require a TISAX® label for cooperation.

FLEXIBLE TEST SCOPE & INDIVIDUAL REQUIREMENTS 

The basic building block of the TISAX® assessment is the topic of information security. This covers all the information that a company has - including technical, business and personal data. If special protection is required in one or more of these information categories, the optional modules listed below from the VDA-ISA criteria catalogue can be used for an assessment, depending on individual requirements:

| Short Description | Definition |
|---|---|
| Info high | Information with high protection needs |
| Info very high | Information with very high protection needs |
| Proto single parts | Protection of prototype parts and components |
| Proto vehicles | Protection of prototype vehicles |
| Test vehicles | Handling of test vehicles |
| Proto Events | Protection of prototypes during events and film or photo shootings |
| Data | Data protection. According to Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR) |
| Special Data | Data protection with special categories of personal data. According to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR) |

The assessment results always remain with the assessing company: You decide who may view your results and to what extent.

FREQUENTLY ASKED QUESTIONS

WHICH COMPANIES REQUIRE THE TISAX® LABEL?

Generally, TISAX® is aimed at all service providers and suppliers in the automotive industry who need to protect sensitive customer data and internal company information in the best possible way and regularly provide evidence of this. The scope of the assessment can be adapted to individual needs.

HOW DOES THE TISAX® AUDITING PROCESS WORK?

Based on the individual protection needs of your company, you will receive personally tailored assessments according to a predefined scope of services. Our auditors first obtain an overview of the initial situation and then prepare a detailed assessment report. After any non-conformities have been remedied in a TISAX®-compliant manner, nothing stands in the way of the final label: you can now share your results with your partners to the extent of your choice.
