Trusted Information Security Assessment Exchange

TISAX (Trusted Information Security Assessment Exchange) enables mutual acceptance of Information Security Assessments in the automotive industry and provides a common assessment and exchange mechanism. Assessment results always remain under control of the assessed companies.

Participate

For TISAX, everyone who registered is a “participant”. You – as well as your partner – “participate” in the exchange of information security assessment results. To reflect the two roles from the beginning, we refer to you, the supplier, as “active participant”. We refer to your partner as “passive participant”. As an “active participant” you get TISAX-assessed and you share your assessment result with other participants. The “passive participant” is the one who requested that you get TISAX-assessed. The “passive participant” receives your assessment result. TISAX itself however does not really differentiate between these two roles.

The 3-step TISAX process consists of the following steps:

  1. Registration
    1. We gather information about your company and what needs to be part of the assessment
  2. Assessment
    1. You go through the assessment(s), conducted by one of our TISAX audit providers.
  3. Exchange
    1. You share your assessment result with your partner.

 

Registration

Online Registration

To register your company as a TISAX participant, please use the online registration on the ENX Portal:

ONLINE REGISTRATION

Registration is a prerequisite to participate in TISAX.

As a registered Participant, your company can

  • commission assessments and have them carried out by approved audit providers 
  • share results with other Participants from assessments performed 
  • access results shared with your company by other Participants. 

SIGN IN

Your company is already registered in TISAX, please use the Sign In on the ENX Portal.

SIGN IN

For further questions regarding TISAX, please read the TISAX FAQs or the TISAX Participant Handbook. If you need further assistance regarding TISAX, please do not hesitate to contact the TISAX hotline via email (tisax@enx.com) or via phone (+49 69 986692-777).

 

AUDIT PROVIDERS

AUDIT PROVIDER SELECTION BY THE PARTICIPANT

TISAX enables that audit providers offer mutually accepted assessments based on the VDA ISA catalogue in competition. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry. This is enabled by an assessment system featuring distinct scopes of services which is equally suitable for all enterprises along the entire value-creation chain of the automotive industry. Clearly defined packages allow for economical assessments aligned to the individual protection needs.

Participants will receive the most recent list of TISAX audit providers and corresponding contact data after a successful scope registration.

TISAX AUDIT PROVIDERS

The following TISAX audit providers performing assessments all over the world:

  • Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft 
  • KPMG AG Wirtschaftsprüfungsgesellschaft
  • operational services GmbH & Co. KG 
  • PwC Certification Services GmbH
  • TÜV Rheinland i-sec GmbH

The following audit providers are in completion of the TISAX process and do already conduct TISAX assessments:

  • Bureau Veritas Certification
  • DEKRA Certification GmbH
  • DQS BIT GmbH
  • TÜV NORD CERT GmbH
  • Deloitte Certification Services GmbH
  • TÜV SÜD Management Service GmbH

 

BECOMING A TISAX AUDIT PROVIDER

TISAX assessments and admission of audit providers are based on a framework of Criteria and Requirements (ENX TISAX ACAR).

These criteria consist of two parts:

  • Part A: General requirements on audit providers
  • Part B: Specific requirements for ENX TISAX Audit Providers

Contact tisax-ap@enx.com if you want your enterprise to become a TISAX audit provider. We gladly inform you about the requirements and the process flow in detail.

 

EXCHANGE

Premise

It is one of TISAX' key features that your assessment result is fully under your control. Without your explicit permission, all information related to your assessment is not shared with anyone.

EXCHANGING ASSESSMENT RESULTS

The exchange of assessment results within TISAX is merely exclusive for registered participants and only takes place after explicit release of the results by the assessed company for an inquiring company in form of standardized summaries (TISAX Report). The scope of the information provided is based on the requirements of the requesting participant.

The exchange platform

The ENX portal provides the exchange platform. Your audit provider will upload the first two sections (A and B) of your TISAX report. At this stage, the information is not available to anyone except you. You can use the account created during the registration to access the portal and use the exchange platform.

ABOUT TISAX

VDA INFORMATION SECURITY ASSESSMENT

The VDA Information Security Committee of the VDA (German Association of the Automotive Industry) was established more than 10 years ago, and has ever since developed a catalogue of assessment criteria on information security based on key aspects of the international ISO/IEC 27001 and 27002 standards: VDA ISA (VDA Information Security Assessment).

This instrument is used by VDA member companies both for internal purposes and for assessments at suppliers and service providers processing sensitive information of their respective partners.

Assessments according to VDA ISA, particularly at service providers and suppliers, are being handled individually by each requiring company so far. Therefore, it is possible that a partner is assessed several times at short intervals.

COMMON ASSESSMENT MECHANISM TISAX

The VDA Information Security Committee establishes a common assessment and exchange mechanism (TISAX = Trusted Information Security Assessment Exchange) in the automotive industry and beyond, to avoid such multiple effort in the future.

The TISAX system is operated by ENX Association which has been entrusted with the implementation as a neutral instance by the VDA.

TISAX creates competition among the approved audit providers and allows for common acceptance of assessment results within the circle of TISAX Participants. The audit providers perform the assessments based on this set of information security management controls

GOVERNANCE BY THE ENX ASSOCIATION

The ENX Association acts as a governance organisation of TISAX. It monitors the audit providers and the quality of implementation and assessment results.

This control function is ensured through the “ENX Triangle of Governance”, a contractual framework which consists both of a contract between ENX Association and each TISAX audit provider and between ENX Association and each participant. The participant agrees to the General Terms and Conditions of TISAX participation through its registration.

This ensures the results will finally correspond to a required quality and objectivity as well as the rights and obligations of the participants are being preserved.

Double and multiple assessments of the same sites, locations or scopes will therefore be a thing of the past. This helps each participant to save time and costs.

FREQUENTLY ASKED QUESTIONS

ENX Association
Bockenheimer Landstraße 97-99
60325 Frankfurt am Main
Telefon +49 69 9866 927-77
tisax@enx.com

Impressum

Sitz der Geschäftsführung

ENX Association
Bockenheimer Landstraße 97-99
60325 Frankfurt am Main

Telefon +49 69 9866 927-0
info@enx.com

Umsatzsteuer-Ident-Nummer: DE813277682

Eingetragener Vereinssitz

ENX Association
20 rue Barthélémy Danjou
92100 Boulogne-Billancourt
Frankreich

ENX ist eine französische Association nach dem Gesetz von 1901, eingetragen bei der Sous-Préfecture Boulogne-Billancourt, Frankreich unter der Nummer W923004198 mit alleiniger Betriebsstätte in Frankfurt am Main, Deutschland.

Präsidium

Philippe Ludet, Renault (Präsident)
Nadine Buisson-Chavot, GALIA (Schatzmeister)


Rechtliche Hinweise

ENX prüft und aktualisiert die Informationen auf seinen Webseiten. Trotz dieser Sorgfalt können sich die Daten inzwischen verändert haben. Eine Haftung oder Garantie für die Aktualität, Richtigkeit und Vollständigkeit der zur Verfügung gestellten Informationen wird daher nicht übernommen.

Gleiches gilt auch für alle anderen Webseiten, auf die mittels Hyperlinks verwiesen wird. ENX ist für den Inhalt dieser Webseiten, die aufgrund einer solchen Verbindung erreicht werden, nicht verantwortlich. Einige der Informationen und Angebote werden von unseren Partnern, z. B. den zertifizierten Telekommunikationsdienstleistern, als selbständige Dienstleistung erbracht. Bitte beachten Sie, dass für diese Services und Angebote die Geschäftsbedingungen dieser Unternehmen gelten und mit der Aufnahme derer Webseiten auf die Webseiten von ENX keine Empfehlung oder Garantie verbunden ist. Für diese Inhalte ist ENX nicht verantwortlich. Bei diesen Anbietern handelt es sich nicht um Erfüllungsgehilfen von ENX.

Des weiteren behält sich ENX das Recht vor, Änderungen oder Ergänzungen der bereitgestellten Informationen vorzunehmen.

Inhalt und Struktur der ENX-Webseiten sind urheberrechtlich geschützt. Die Vervielfältigung von Informationen oder Daten, insbesondere die Verwendung von Texten, Textteilen oder Bildmaterial, bedarf der vorherigen schriftlichen Zustimmung von ENX.