Information security in the automotive industry – TISAX®


Organizations that want to remain competitive in the digital age must pay close attention to information security. This is particularly true for the automotive industry, where massive amounts of confidential data is exchanged daily.

Working toward becoming a TISAX® audit provider

SGS is pleased to announce that we are undergoing the approval process for becoming a Trusted Information Security Assessment Exchange (TISAX®) audit provider. In the coming months, we will be taking the steps to become fully approved by ENX as a TISAX® audit provider.

Following approval, SGS Germany will be the contract partner.

Introducing TISAX®

The Trusted Information Security Assessment Exchange (TISAX®) is based on the Information Security Assessment (ISA) – a catalog of requirements concerning ISO/IEC 27001 – developed by the German Association of the Automotive Industry (VDA).

The ENX Association acts as the governance organization within TISAX®. It is responsible for further developing TISAX®, monitoring its audit providers and assessment execution, as well as quality assurance.

The TISAX® assessment scheme ensures a uniform level of information security among vehicle manufacturers, service providers and suppliers. It helps to protect data by ensuring integrity and availability in the manufacturing process. A dedicated online platform enables the exchange of information security assessment results within the automotive sector.

Information security is key to automotive

TISAX® involves the protection of data, integrity and availability in the manufacturing process. For this purpose, a dedicated online platform has been developed for the exchange of information security assessment results in the automotive sector. After registration, organizations can access the files.

The advantages of a TISAX® assessment
  • Assessment results are recognized by all TISAX® participants
  • A commonly accepted assessment standard for exchanging assessment results
  • Saves time and money
  • Accepted by suppliers and original equipment manufacturers (OEMs)
  • Creates confidence in your company
  • Eliminates duplicate and multiple assessments

The VDA established the Information Security working group in 2003. A major result of this is the VDA ISA catalog, which has become the industry standard for information security assessments and is based on ISO/IEC 27001. The VDA recommends that organizations involved in the automotive industry’s value chain establish information security.

Helping you through the TISAX® assessment

To begin, registration on the TISAX® platform is required. Once this has been done, we can be selected as your audit provider for assessment (quote based on the TISAX® scope registration excerpt).

To ensure that information is secure, different assessment levels are provided by the audit provider depending on the protection requirement. These are subdivided according to the assessment procedure.

Assessments have three levels:

  1. Self-assessment
  2. Based on the documentation review with a plausibility check and telephone interview
  3. Based on the documentation review with a plausibility check and an on-site assessment

The results can be exchanged if the assessed company gives explicit authorization.

Other ways we can help

As a world-leading automotive services provider, we have unrivaled experience in supporting governments, OEMs, dealers, financial institutions and insurance companies across the globe.

With a network of offices, component-testing laboratories and vehicle-testing centers throughout the world, we offer a unique, independent and global service. As a result, we have the resources and expertise you need for reliable, independent, accurate and secure vehicle and automotive consultancy.

Our services cover quality, risk management and IT security, social responsibility, environmental and training courses.

We can also help you to manage your entire supply chain, provide safe and reliable vehicles, improve quality, efficiency and safety, and reduce costs, delivery times and environmental impact.



Your name

Your e-mail

Name receiver

E-mail address receiver

Your message




Sign up