Logo_100yearsAfnor_CMYK_White

TISAX®, the cybersecurity assessment specific to the automotive sector

Facebook
Email
Twitter
LinkedIn
Agri-food expertise

When it comes to automotive cybersecurity, we're moving up a gear. In a fiercely competitive environment at the cutting edge of innovation, the automotive giants are becoming increasingly aware of the risks of hacking and leaks resulting from the digitalization of processes and exchanges. How do you protect the plans for a prototype when it is ready to be manufactured by a subcontractor? How can we ensure the security of confidential plans stored on a server abroad? What protection is there against ransomware threatening to spread the secrets of a future revolutionary engine on the darkweb? How to ensure business continuity in the event of a major crisis?

Inspired byISO/IEC 27001, the TISAX® standard provides answers to these new concerns that are weighing on the entire automotive sector. The AFNOR group is now recognized by ENX, the association that owns the standard, to assess the practices and information systems of players in the sector.

Tisax®, the cybersecurity assessment specific to the automotive sector

TISAX® evaluation: a sector-specific version ofISO/IEC 27001

Initiated by the German automotive industry, including the well-known VDA(Verband der Automobilindustrie), work on TISAX® (for "Trusted Information Security Assessment Exchange") began in 2017. This private standard aims to adapt the requirements set by ISO/IEC 27001, a voluntary international standard for information systems security management, to the automotive sector. This sector is characterized by strong competition and the race for innovation, with a real risk of espionage, multiplied tenfold by the large chain of subcontractors," points out Thomas Sanjullian, Digital Confidence Product Manager at AFNOR Certification. The aim of the TISAX® assessment is to impose strict cybersecurity rules on all the players involved."

Data registry, governance, business continuity plan, employee awareness and training... TISAX® requirements vary according to the level of assessment carried out, of which there are three: a self-assessment, a remote audit by a third-party assessor, and finally an in-depth audit lasting several days on site.

TISAX® is no longer an option," says Thomas Sanjullian. Manufacturers are already including this requirement in their invitations to tender. To be able to respond and receive data from the manufacturer, they must provide proof of their level." Since September 2023, the AFNOR group has been recognized to carry out this assessment. Auditors are currently undergoing training to be able to conduct their first audits from early 2024.

> Interested in finding out more about TISAX® ?
Watch a replay of the information webinar (webinar)
Privacy Protection and Respect The processing of personal data is necessary to review your request, submitted in your capacity as a professional, to the AFNOR Group. Where applicable, this data may also be used to send you commercial information. In accordance with current European regulations, you have the right to access, rectify, erase, withdraw consent, restrict processing, object to processing, and request data portability regarding your data. These rights may be exercised by sending a message to the AFNOR DPO. French speakers: Click here. English speakers: Click here. Detailed information on the use of your data and the exercise of your rights can be found in the AFNOR Group’s Charter on the Protection of Personal Data and Privacy. Click here to read it.
=

At the same timeISO/IEC 27001the flagship standard providing guidelines for deploying a solid, efficient information management system, is experiencing unprecedented popularity. With almost twice as many people certified in two years, the rise of ISO/IEC 27001 is confirmed at global level, with almost 100,000 sites certified worldwide. In terms of countries, the top three are China, Japan and the UK. The main reason for this strong growth is the central importance of data protection issues. ISO 27001 deals with the security of information systems, and covers both digital and paper data," explains Brice Gilbert, head of ISO 27001 at AFNOR Certification. A few years ago, 62% of companies adopting this standard did so voluntarily. But with the tightening of the regulatory context, most of them are now committing themselves to compliance, so that they can continue to respond to calls for tender. Unsurprisingly, in the ISO Survey, the business sector that makes most use of ISO/IEC 27001 certification is information technology.

"Manufacturers, particularly in the aeronautics sector, are well aware of the stakes. A hack, a data leak or a ransom demand, and the company's survival is at stake. AFNOR is proposing a multi-stage strategy, starting with a free self-assessment to initiate reflection, whatever your sector of activity," says Brice Gilbert. Five years after the first version in May 2017, the publication of the updated standard in 2022, with new aspects such as the cloud, is available as an accredited certification thanks to our international network.

Read more

latest news
from the international network

Agri-food expertise
Taiwan

"Jiu Jing International" has passed the ISO 27001 Information Security Management System certification conducted by "Fabao International Certification"

"Fabao International Certification" recently announced that "Jujing International Co., Ltd." has successfully passed the ISO/IEC 27001:2022 international certification for information security management systems, confirming that it has established a management system compliant with international standards for maintaining the confidentiality, integrity, and availability of its information assets. As an internationally recognized third-party certification body, "Fabao International Certification" conducted a comprehensive assessment of "Jujing International" based on the ISO/IEC 27001 standard, covering four key areas: organizational management, personnel security, physical protection, and technical controls. The certification results confirm that the company has established a comprehensive information security management framework, with management procedures and control measures that meet international standards. “Jujing International” is a professional information security value-added reseller that has long assisted enterprises in building information security protection systems. Through the optimization of its internal management systems, the company has integrated information security management into its daily operational processes, demonstrating its commitment to information security. Passing this certification signifies that the information security management of its own operations has reached international standards. The professional certification team at “Fabao International Certification” noted that information security management system certification is not merely a technical confirmation of compliance but also signifies that an organization has established a systematic management mechanism. “Jujing International’s” successful ISO 27001 certification demonstrates its professional capabilities and management practices in the field of information security. "Fabao International Certification" has long provided information security management system certification services, assisting companies in establishing protection mechanisms that comply with international standards. In the future, it will continue to promote the strengthening of information security governance capabilities within Taiwan’s industries through professional certification.

Read more "
April 14, 2026
See all news
Back to top