TISAX Consultancy Service
At Blackmores, our TISAX consultancy service ensures you are fully compliant with your required level of Assessment. We provide you with flexible and affordable support that can be tailored to your organisation’s needs.
Blackmores TISAX Consultants are highly experienced and able to provide support for all levels of the TISAX Assessment process. Contact us for more information on our consultancy packages.
What is TISAX?
TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for the automotive industry. Based on the requirements of ISO 27001 and ISO 27002 (Annex A controls), TISAX is designed specifically to ensure a high, consistent level of information security throughout the automotive supply chain.
Developed by the German Association of the Automotive Industry (VDA) and managed by the ENX Association, TISAX is not an ISO certification, but rather a label based on a standardised assessment.
There are three levels of assessment:
- Assessment Level 1 (AL1) – Normal Protection Requirements (Self-assessment)
- Assessment Level 2 (AL2) – High Protection Requirements (Plausibility check – remote audit)
- Assessment Level 3 (AL3) – Very High Protection Requirements (Full audit onsite)
The level of a TISAX assessment required will depend on the sensitivity of the data being handled.
There are three areas to choose from (an organisation can choose more than one):
- Information Security: Covers general information security controls such as policies, risk management, access control, incident handling, and secure operations.
- Prototype Protection: Focuses on safeguarding physical and digital prototypes, design data, test vehicles, and confidential development information.
- Data Protection: Ensures compliance with personal data regulations (e.g., GDPR), including handling, processing, storage, and protection of personal information.
All levels require a self-assessment to be completed. This is to grade each of the controls from 0-5. TISAX requires a minimum overall score of 2.71 to pass.
What it aims to help businesses do:
- Information Security confidence: Ensures secure processing of information between business partners, protection of prototypes and compliance with data protection regulations such as GDPR.
- Standardised approach: It provides a standardised approach to information security assessment within the automotive supply chain.
- Integrity and Availability of data: Compliance with TISAX requirements ensures the integrity and availability of protected data in automotive business processes, such as manufacturing.
- Minimisation of Audit fatigue: Verification of compliance can be completed with a single assessment that can be shared with multiple partners.
Who is TISAX designed for?
TISAX is essential for any organisation operating within the automotive ecosystem, including:
- Service Providers (IT, marketing, logistics, or R&D) that handle sensitive automotive data.
- Original Equipment Manufacturers (OEMs)
- Tier 1 and Tier 2 Suppliers providing components or systems.
Working with an ISO Consultant – How We Can Help
At Blackmores, our TISAX consultants specialise in helping you to achieve a TISAX label. As well as working with clients in the UK, we also assist clients in international locations, so we can support you wherever you are based.
Our TISAX consultancy service includes the following steps.
- Conduct a TISAX Gap Analysis – Gap analysis is the first step, as it helps establish your strengths and determine where the weaknesses currently are. It indicates to our TISAX consultants what is already on track and where improvements can be made.
- Dedicated TISAX isologists® – We have a skilled team of TISAX consultants to help you achieve your desired level of TISAX compliance.
- Conduct Internal Audits – We can help you plan and conduct Internal Audits to verify your compliance with TISAX.
- Provide On-Site Support For External Audits – As part of our TISAX consultancy services, we can also provide on-site support during External Audits carried out by Certification Bodies.
- Request a Quote for Assessment – We can send a request for a quote to 3 ENX Association approved Certification Bodies on your behalf. This is done free of charge on request.
Are you looking for a TISAX consultant? We’d be happy to help; simply Contact Us.
Benefits of TISAX to your Organisation
- Industry-wide recognition: Earn a recognised label that is trusted by all major European and global automotive organisations.
- Eliminate Redundant Audits: You only need to undergo one assessment to satisfy multiple automotive clients, saving time and money. This is re-audited once every 3 years.
- Robust Information Security: The framework forces a proactive approach to identifying vulnerabilities and implementing robust risk management.
- Defined Accountability: Clearly identifies roles and responsibilities, ensuring that those with quality oversight have the authority to “pause” operations if safety is at risk.
- Operational Efficiency: Standardised security processes reduce friction in internal workflows and external collaborations.
- Avoid Penalties: Reduces the risk of data breaches that could lead to heavy fines, legal issues, or the loss of contracts.
Benefits of TISAX to your clients
- Compliance Assurance: Ensures that subcontractors meet strict regulatory requirements like GDPR.
- Reduced Procurement Time: Onboarding is significantly faster when security compliance is pre-verified on the ENX portal.
- Supply Chain Resilience: Businesses can be confident that their intellectual property (IP) is protected against theft, loss, or manipulation.
- Protection of Prototypes: TISAX ensures compliance with industry-specific prototype protection requirements.
- Trust & Assurance: Clients have verified proof of your security maturity without having to send their own auditors to your site.
- Reduced Security Risks: Clients benefit from working with suppliers who have undergone rigorous third-party security assessments.
How long does it take to implement TISAX?
Like most standards, TISAX requires that documentation is not only published and communicated, but also embedded into day-to-day activities. This will take the self-assessment grading level from a 2 to a 3.
Here is an estimate of how long it can take to implement TISAX before external audits.
| Level | ISO 27001 in place | No ISO 27001 in place |
| --- | --- | --- |
| Level 1 (no audit required) | 3 months | 3–6 months |
| Level 2 (remote audit) | 3–6 months | 6–12 months |
| Level 3 (onsite audit) | 6–9 months | 9 months + |
How can TISAX help you win tenders?
In the current automotive industry, TISAX is rapidly becoming a mandatory prerequisite.
Many OEMs (especially German manufacturers) now include TISAX labels as a mandatory requirement in their Invitations to Tender. Without a label, your bid may be disqualified before it is even read.
The automotive sector is very competitive. Having the TISAX label can be the deciding factor in winning a tender against a non-labelled competitor, as certification demonstrates a verified commitment to information security that gives certified organisations a decisive edge.
Holding an active TISAX label will also accelerate the onboarding process, as certified organisations can quickly demonstrate their security credentials through the ENX portal.
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our ISO Consultants, our isologists®, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
We have a proven step-by-step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards; we know the standards inside out so you don’t have to.
Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.






