Important note:
The prerequisite for participating in ENX VCS audits is having a registered TISAX scope or valid TISAX labels. If your organization does not have TISAX, please register for TISAX.

ENX VCS registration guide

With this guide we want to help you to complete the ENX VCS registration.


The process to obtain a CSMS audit certificate requires meticulous planning and a holistic effort from all stakeholders in of the organization. To accomplish a successful V-CSMS audit, please take the following steps into account:

  • Go through this registration process ENX VCS Registration Process overview.
  • Receive confirmation email that confirms successful registration for ENX VCS.
  • Create and manage ENX VCS scopes:
    • Access TISAX locations and add relevant locations to the ENX VCS scope.
    • Select relevant ENX VCS Audit Objectives for the ENX VCS scope.
    • Provide information on the number of protection object types relevant for vehicle cybersecurity for applicable Audit Objectives. The Protection Objects are items or components consisting of assets with cybersecurity properties (Confidentiality, Integrity, Availability). This information enables the audit team to verify the effectiveness of the CSMS by verifying its implementation across sampled protection object types.
  • Create or add contacts and assign them roles for managing your organization’s ENX VCS activities.
  • Perform a self-assessment based onVCSA catalog.
  • ContactENX VCS Audit Providers and ask for offers.
  • Evaluate the offers and select an ENX VCS service provider and order your ENX VCS audit.
  • Plan the various steps related to the audit in a Kick-off Meeting with the Audit Provider.
  • Initial audit – The initial audit is comprised of 3 different phases namely:
    1. Organizational check - It determines whether the CSMS is compliant with the requirements corresponding to the selected ENX VCS audit objectives and that the CSMS works across all cybersecurity related Protection Objects and across all locations/business units listed in the VCS scope.
    2. Determine Protection Object samples - Based on the information from the Organizational Check, an appropriate number of Protection Object(s) are sampled. The purpose of the sample checks is to verify the effective implementation of the CSMS across Protection Objects for the entire VCS scope.
    3. Perform Protection Object sample check - For every sampled Protection Object, it is verified that the CSMS processes are applied consistently over its lifecycle. During this check, deviations, if any, are identified between the expectations generated by the Organizational Checks and the actual implementation for the Protection Objects. These deviations are reported as findings corresponding to the relevant control question in the ENX VCS audit criteria catalogue.
  • If your overall audit result is “minor non-conform”, you receive a temporary ENX VCS label. You prepare a time bound corrective action plan. The validity of the temporary VCS label is determined by the longest implementation period of the corrective actions.
  • Follow-up audits performed until all reported findings are resolved within the stipulated time period
  • ENX VCS labels awarded stating that your V-CSMS fulfills the requirements associated with the relevant ENX VCS Audit Objectives.
  • Audit Provider uploads the audit results on the exchange platform.
  • Publish your audit results on the exchange platform to provide proof to your business partner about your organization’s CSMS capability.

ENX VCS registration process overview

Follow these steps to register:

  • Enter your business email address and select a suitable password.
  • Accept the ENX Portal Terms and Conditions.
  • On the Registration page, add your personal and organization related details (name, business email address, phone number, address, job title, department).
  • Select your organization from a list of TISAX participants. If your organization is not having TISAX, please make sure your organization registers for TISAX first.
  • Accept ENX VCS General Terms and Conditions.
  • The primary TISAX contact in your organization is informed about the request for ENX VCS registration. The primary TISAX contact is requested to authenticate you as a legitimate ENX VCS user.
  • In parallel, you shall receive an email informing you that the registration process is underway and requesting the primary TISAX contact and you to jointly speed up the authentication process.
  • Primary TISAX contact person authenticates your request to become an ENX VCS administrator.
  • Once authenticated as an ENX VCS primary contact, your ENX VCS registration is completed.
  • You shall receive an email confirming the successful registration for ENX VCS.


During the ongoing introduction phase, registration for ENX VCS is free of charge.


If you need any help before, during or after your ENX VCS registration, please don't hesitate to:

We speak English and German. We are happy to help you.

Checklist: before you start

You should know the answers to the following questions before starting the registration:

  • Does your organization have TISAX scopes or valid TISAX label(s)?
  • Does your role allow you to accept our general terms and conditions?
  • Do you know the various locations and protection object types that cover the scope of your V-CSMS?

Ready? Then create a personal account ("Register") or sign in with an existing account ("Sign in").

Sign in Register