TISAX® Evaluation - Information Security in the Automotive Sector

In an increasingly digitized business environment, information security has become a critical prerequisite for the entire automotive supply chain. The Trusted Information Security Assessment Exchange (TISAX®) provides its members with a standardized system for monitoring information security in the automotive industry.

BENEFITS OF TISAX® EVALUATION

• • Strengthen, validate and perpetuate the resilience of your information system through a repository adapted to the automotive sector.
  • You will join the TISAX® partner network, recognized worldwide for its expertise.
  • As a standard designed specifically for the automotive industry, TISAX® represents recognition and a pledge of trust between the various stakeholders in the automotive sector.
  • Valid for three years, the TISAX® evaluation aims to establish an assessment based on criteria common to the automotive sector.

WHY TISAX®?

TISAX® evaluation is an automotive evaluation standard developed at the joint initiative of ENX (European Network Exchange) and the VDA (Union of the German Automotive Industry). The automotive sector is a very high value-added economy, based on the sharing of confidential information between several partners. Protecting information systems is therefore imperative.

Based on an information security management system similar to ISO 27001, TISAX® is tailored to the requirements of the automotive industry. This multi-level assessment provides a level of granularity and specialization that ISO 27001 cannot guarantee.

WHAT ARE THE DIFFERENCES BETWEEN TISAX® AND ISO 27001:2022?

TISAX®...

• Specialized in the automotive industry, including industrial information systems
• Valid for 3 years
• Annual review of the standard
• Applied to an entire site
• Private certificate that can be shared with partners
• System maturity level taken into account
• Evaluation on several possible levels :
  1. Assessment level 1
     Assessment level 1 involves an internal self-assessment, which is imperative for any assessment subject to evaluation.
  2. Assessment level 2
     Assessment level 2 corresponds to a plausibility test on your self-assessment. The auditor confirms this test by verifying the evidence through remote interviews.
  3. Assessment level 3
     Assessment level 3 requires on-site attendance to verify your self-assessment. Face-to-face interviews will provide a more complete and in-depth verification.

... and ISO 27001

• • Generalist
  • Valid for 3 years with annual follow-up audit
  • Review every 5 years
  • Full audit
  • Applied to a defined perimeter
  • Broader information security process
  • Public certificate.

INSTRUCTIONS FOR EVALUATION

1. Registration on the TISAX® platform: Registration of all participants on the TISAX® platform
2. Self-assessment: Pre-diagnosis to understand the challenges of the audit and maximize your chances of maturity (AL1)
3. Audit : Review of your information system (off-site for AL2, on-site for AL3) to determine its compliance with the requirements of the certification standard.
4. Assessment and exchange: Validate your maturity level and share this information with your partners
5. Monitoring and renewal: Renewal audit every three years;

WHY CHOOSE THE AFNOR GROUP?

• The expertise of a leader in management system certification
• Our proximity and our presence in more than 100 countries facilitate the deployment of your international initiatives.
• The strength of a network of certified auditors and evaluators
• The provision of a personalised customer area to facilitate the management of your certification, the preparation of your audits and to monitor the progress of your approach.

USEFUL LINKS :

• ENX portal
• TISAX® Participant Manual
• TISAX® Documentation Center.