TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.
If you want to process sensitive information from your customers or evaluate the information security of your own suppliers, TISAX supports you in reducing efforts.


1. Registration
Registration of a TISAX Participant and at least one TISAX Assessment Scope.

2. Selection
After a successful registration you can choose a TISAX audit provider for your TISAX assessment.

3. Assessment
Undergoing a TISAX assessment.

4. Exchange
Exchange of the TISAX assessment results with existing and potential partners within TISAX.

Please refer to the TISAX Participant Handbook for further information.


TISAX participants can embody two roles: providing and/or accessing assessment information. Active participants are assessed and provide the respective assessment result to other participants via TISAX Exchange. Passive participants can request assessment results of other participants through TISAX Exchange and access those results via the ENX Portal when the request has been confirmed. Every participant can assume both roles at the same time as required. TISAX does not differentiate between these roles.


Utilization at eye level:
Each participant decides for himself to whom results will be revealed and to what degree of detail. At the same time, the participating company can also use its own results for its own risk Management.

Recognition of TISAX assessments and their regular three-year validity help to avoid effort as well as duplicate assessments.

Standardized exchange mechanism:
Central exchange processes provide uniform proof of information security.

Free choice of audit provider:
TISAX creates competition among audit providers and allows a joint recognition of assessment results between TISAX participants.


TISAX enables that audit providers offer mutually accepted assessments based on the VDA ISA catalogue in competition. This means that every participant can select an audit provider and expect standardized assessment results which are accepted by other participants throughout the industry.


The exchange of assessment results within TISAX is merely exclusive for registered participants and only takes place after explicit release of the results by the assessed company for an inquiring company in form of standardized summaries (TISAX Report).

Information Security Assessment

The Information Security Assessment (ISA) s an information security requirements catalogue based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.


ENX maintains the audit provider criteria and assessment requirements (TISAX ACAR). It approves audit providers and monitors the quality of implementation as well as the assessment results. ENX is supported by the TISAX Committee, consisting of representatives of manufacturers, suppliers and associations. Legally, the control function is protected by a contract structure in which ENX holds contracts with all stakeholders, including the audit providers and the participants. This ensures that the results correspond to the desired objectivity and quality. The rights and duties of all participants – small or large – are respected...Read more