Trusted Information Security Assessment Exchange

TISAX (Trusted Information Security Assessment Exchange) enables mutual acceptance of Information Security Assessments in the automotive industry and provides a common assessment and exchange mechanism. Assessment results always remain under control of the assessed companies.

Participate

TISAX participants can embody two roles: providing and/or accessing assessment information. Active participants are assessed and provide the respective assessment result to other participants via TISAX Exchange. Passive participants can request assessment results of other participants through TISAX Exchange and access those results via the platform when the request has been confirmed. Every participant can assume both roles at the same time according to its needs. TISAX does not differentiate between these roles.

These are the four steps to successfully use TISAX:

  1. Registration
  2. Selection of an audit provider
  3. Undergoing the assessment
  4. Exchange of the assessment results with existing and potential partners

For further questions regarding TISAX, please feel free to read up the FAQs or download the TISAX Participant Handbook:

TISAX Participant Handbook

Registration

Online Registration

Registration is a prerequisite to participate in TISAX.

As a registered Participant, your company can

  • commission assessments and have them carried out by accredited audit providers 
  • share results with other Participants from assessments performed 
  • access results shared with your company by other Participants. 

To register your company as a TISAX participant, please use the online registration on the ENX Portal.

ONLINE REGISTRATION

If you have any questions regarding registration or TISAX, please feel free to read up our FAQs or chapter 4 from the TISAX Participant Handbook. We are also pleased to be at your disposal on the phone under +49 69 986692 777 and by email under tisax@enx.com.

SIGN IN

Your company is already registered in TISAX, please use the Sign In on the ENX Portal.

SIGN IN

 

AUDIT PROVIDERS

AUDIT PROVIDER SELECTION BY THE PARTICIPANT

TISAX enables that accredited audit providers offer mutually accepted assessments based on the VDA ISA catalogue in competition. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry. This is enabled by an assessment system featuring distinct scopes of services which is equally suitable for all enterprises along the entire value-creation chain of the automotive industry. Clearly defined packages allow for economical assessments aligned to the individual protection needs.

Participants will receive the most recent list of audit providers and corresponding contact data after successful registration.

TISAX ACCREDITED AUDIT PROVIDER

Currently, there are five TISAX-accrededited audit providers performing assessments all over the world:

  • Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft 
  • KPMG AG Wirtschaftsprüfungsgesellschaft
  • operational services GmbH & Co. KG 
  • PricewaterhouseCoopers (PERSICON cert GmbH)
  • TÜV Rheinland i-sec GmbH

The following audit providers are about to complete the TISAX accreditation and can already conduct TISAX assessments:

  • DEKRA Certification GmbH
  • DQS BIT GmbH

 

ACCREDITATION AS AUDIT PROVIDER

The ENX TISAX accreditation is based on a framework of Accreditation Criteria and Assessment Requirements (ENX TISAX ACAR).

These criteria consist of two parts:

  • Part A: General requirements on audit providers
  • Part B: Specific requirements for ENX TISAX Audit Providers

Get in touch with us via email tisax-accreditation@enx.com, if you want your enterprise to become accredited as an audit provider. We gladly inform you about the requirements and the process flow in detail.

 

EXCHANGE

EXCHANGING ASSESSMENT RESULTS

The exchange of assessment results within TISAX is merely exclusive for registered participants and only takes place after explicit release of the results by the assessed company for an inquiring company in form of standardized summaries (TISAX Report). The scope of the information provided is based on the requirements of the requesting participant.

ABOUT TISAX

VDA INFORMATION SECURITY ASSESSMENT

The VDA Information Security Committee of the VDA (German Association of the Automotive Industry) was established more than 10 years ago, and has ever since developed a catalogue of assessment criteria on information security based on key aspects of the international ISO/IEC 27001 and 27002 standards: VDA ISA (VDA Information Security Assessment).

This instrument is used by VDA member companies both for internal purposes and for assessments at suppliers and service providers processing sensitive information of their respective partners.

Assessments according to VDA ISA, particularly at service providers and suppliers, are being handled individually by each requiring company so far. Therefore, it is possible that a partner is assessed several times at short intervals.

COMMON ASSESSMENT MECHANISM TISAX

The VDA Information Security Committee establishes a common assessment and exchange mechanism (TISAX = Trusted Information Security Assessment Exchange) in the automotive industry and beyond, to avoid such multiple effort in the future.

The TISAX system is operated by ENX Association which has been entrusted with the implementation as a neutral instance by the VDA.

TISAX creates competition among the accredited audit providers and allows for common acceptance of assessment results within the circle of TISAX Participants. The audit providers perform the assessments based on this set of information security management controls

GOVERNANCE BY THE ENX ASSOCIATION

The ENX Association acts as a governance organisation of TISAX. It accredits the Audit Providers and monitors the quality of implementation and assessment results.

This control function is ensured through the “ENX Triangle of Governance”, a contractual framework which consists both of a contract between ENX Association and each accredited audit provider and between ENX Association and each participant. The participant agrees to the General Terms and Conditions of TISAX participation through its registration.

This ensures the results will finally correspond to a required quality and objectivity as well as the rights and obligations of the participants are being preserved.

Double and multiple assessments of the same sites, locations or scopes will therefore be a thing of the past. This helps each participant to save time and costs.

FREQUENTLY ASKED QUESTIONS

ENX Association
Bockenheimer Landstraße 97-99
60325 Frankfurt am Main, Germany
Phone +49 69 9866 927-77
tisax@enx.com

Impressum

Sitz der Geschäftsführung

ENX Association
Bockenheimer Landstraße 97-99
60325 Frankfurt am Main

Telefon +49 69 9866 927-0
info@enx.com

Umsatzsteuer-Ident-Nummer: DE813277682
Sitz der Gesellschaft

ENX Association
20 rue Barthélémy Danjou
92100 Boulogne-Billancourt
Frankreich

ENX ist eine französische Association nach dem Gesetz von 1901, eingetragen bei der Sous-Préfecture Boulogne-Billancourt, Frankreich unter der Nummer W923004198 mit alleiniger Betriebsstätte in Frankfurt am Main, Deutschland.

Präsidium

Clive Johnson, Ford (Präsident)
Philippe Ludet, Renault (Vizepräsident)
Nadine Buisson-Chavot, GALIA (Schatzmeister)


Rechtliche Hinweise

ENX prüft und aktualisiert die Informationen auf seinen Webseiten. Trotz dieser Sorgfalt können sich die Daten inzwischen verändert haben. Eine Haftung oder Garantie für die Aktualität, Richtigkeit und Vollständigkeit der zur Verfügung gestellten Informationen wird daher nicht übernommen.

Gleiches gilt auch für alle anderen Webseiten, auf die mittels Hyperlinks verwiesen wird. ENX ist für den Inhalt dieser Webseiten, die aufgrund einer solchen Verbindung erreicht werden, nicht verantwortlich. Einige der Informationen und Angebote werden von unseren Partnern, z. B. den zertifizierten Telekommunikationsdienstleistern, als selbständige Dienstleistung erbracht. Bitte beachten Sie, dass für diese Services und Angebote die Geschäftsbedingungen dieser Unternehmen gelten und mit der Aufnahme derer Webseiten auf die Webseiten von ENX keine Empfehlung oder Garantie verbunden ist. Für diese Inhalte ist ENX nicht verantwortlich. Bei diesen Anbietern handelt es sich nicht um Erfüllungsgehilfen von ENX.

Des weiteren behält sich ENX das Recht vor, Änderungen oder Ergänzungen der bereitgestellten Informationen vorzunehmen.

Inhalt und Struktur der ENX-Webseiten sind urheberrechtlich geschützt. Die Vervielfältigung von Informationen oder Daten, insbesondere die Verwendung von Texten, Textteilen oder Bildmaterial, bedarf der vorherigen schriftlichen Zustimmung von ENX.