Japan available in the following languages:
or select your TÜV Rheinland region / country website:
current language
Japan available in the following languages:
or select your TÜV Rheinland region / country website:
Company
Japan / EN
Choose country/ region and language

World Site

EN

Albania

EN

Algeria

EN

Algeria

AR

Algeria

FR

Argentina

ES

Armenia

EN

Australia

EN

Austria

DE

Bahrain

EN

Bangladesh

EN

Belgium

FR

Belgium

NL

Bolivia

ES

Bosnia and Herzegovina

EN

Brazil

BR

Bulgaria

EN

Bulgaria

BG

Cambodia

EN

Canada

EN

Chile

ES

China

EN

China

CN

Croatia

EN

Czech Republic

EN

Egypt

EN

Egypt

AR

France

FR

Germany

DE

Hungary

EN

Hungary

HU

India

EN

Indonesia

EN

Indonesia

ID

Iraq

EN

Iraq

AR

Italy

EN

Italy

IT

Japan

EN

Japan

JP

Jordan

EN

Kazakhstan

EN

Korea

KO

Kuwait

EN

Kuwait

AR

Latvia

EN

Lebanon

EN

Luxembourg

EN

Luxembourg

DE

Malaysia

EN

Mexico

ES

Morocco

EN

Morocco

AR

Morocco

FR

Myanmar

EN

Netherlands

EN

Netherlands

NL

North Macedonia

EN

Oman

EN

Oman

AR

Philippines

EN

Poland

PL

Portugal

EN

Portugal

PT

Qatar

EN

Qatar

AR

Romania

EN

Romania

RO

Saudi Arabia

EN

Saudi Arabia

AR

Serbia

EN

Singapore

EN

Slovakia

EN

South Africa

EN

Spain

CA

Spain

ES

Sweden

EN

Switzerland

DE

Taiwan

EN

Taiwan

TW

Thailand

EN

Tunisia

EN

Tunisia

AR

Tunisia

FR

Turkey

EN

Turkey

TR

Uganda

EN

United Arab Emirates

EN

United Arab Emirates

AR

United Kingdom

EN

USA

EN

Vietnam

EN

Vietnam

VI

Search
    TUV_R_Icons_Menu_RGB Web-NavigationClose
    Back
    Choose country/ region and language

    World Site

    EN

    Albania

    EN

    Algeria

    EN

    Algeria

    AR

    Algeria

    FR

    Argentina

    ES

    Armenia

    EN

    Australia

    EN

    Austria

    DE

    Bahrain

    EN

    Bangladesh

    EN

    Belgium

    FR

    Belgium

    NL

    Bolivia

    ES

    Bosnia and Herzegovina

    EN

    Brazil

    BR

    Bulgaria

    EN

    Bulgaria

    BG

    Cambodia

    EN

    Canada

    EN

    Chile

    ES

    China

    EN

    China

    CN

    Croatia

    EN

    Czech Republic

    EN

    Egypt

    EN

    Egypt

    AR

    France

    FR

    Germany

    DE

    Hungary

    EN

    Hungary

    HU

    India

    EN

    Indonesia

    EN

    Indonesia

    ID

    Iraq

    EN

    Iraq

    AR

    Italy

    EN

    Italy

    IT

    Japan

    EN

    Japan

    JP

    Jordan

    EN

    Kazakhstan

    EN

    Korea

    KO

    Kuwait

    EN

    Kuwait

    AR

    Latvia

    EN

    Lebanon

    EN

    Luxembourg

    EN

    Luxembourg

    DE

    Malaysia

    EN

    Mexico

    ES

    Morocco

    EN

    Morocco

    AR

    Morocco

    FR

    Myanmar

    EN

    Netherlands

    EN

    Netherlands

    NL

    North Macedonia

    EN

    Oman

    EN

    Oman

    AR

    Philippines

    EN

    Poland

    PL

    Portugal

    EN

    Portugal

    PT

    Qatar

    EN

    Qatar

    AR

    Romania

    EN

    Romania

    RO

    Saudi Arabia

    EN

    Saudi Arabia

    AR

    Serbia

    EN

    Singapore

    EN

    Slovakia

    EN

    South Africa

    EN

    Spain

    CA

    Spain

    ES

    Sweden

    EN

    Switzerland

    DE

    Taiwan

    EN

    Taiwan

    TW

    Thailand

    EN

    Tunisia

    EN

    Tunisia

    AR

    Tunisia

    FR

    Turkey

    EN

    Turkey

    TR

    Uganda

    EN

    United Arab Emirates

    EN

    United Arab Emirates

    AR

    United Kingdom

    EN

    USA

    EN

    Vietnam

    EN

    Vietnam

    VI

      Search

      TISAX® Assessment

      Contact
      Information security assessment in der automotive industry – TISAX® label | TÜV Rheinland

      Table of contents

      More Information Security in the Automotive Industry with the TISAX® Label

      With TISAX® (Trusted Information Security Assessment Exchange), the VDA (German Association of the Automotive Industry) and the ENX Association have developed a consistent quality standard for increasing information security. TISAX® regulates the assessment criteria, assessment methods and the standard for exchanging assessment information along the entire value chain of an automobile. It therefore applies to all parties involved.

      As a common assessment and exchange mechanism under the sponsorship of ENX, TISAX® is considered an anchor of confidence in the automotive industry.

      The TISAX® assessment is based on the VDA ISA catalog of requirements with regard to assessment criteria, assessment methods and the standard for the exchange of assessment information. The relevance of the standard and its high quality standards for information security are reflected in the fact that the VDA ISA catalog of requirements forms the basis for key aspects of the internationally recognized ISO/IEC 27001 standard.

      Many automotive manufacturers now mandate the TISAX® assessment for service providers and suppliers. The TISAX® assessment must be conducted every three years. It offers additional benefits for suppliers and service providers:

      • Thanks to the international, industry-wide recognition, identical assessments in quick succession can be avoided
      • Significant time and cost savings, as multiple assessments are eliminated
      • High level of information security within the company
      • Establishment of a reliable foundation of trust with business partners
      • Good reputation and high trustworthiness
      • Expansion of existing and new customer relationships and market opportunities in the automotive industry

      Benefit from the strengths of a TISAX® assessment and request a quotation.

      Contact us!

      TISAX® customer groups

      Show all Hide all

      One-man businesses (specialists)

      Specialists and experts often work for the automotive industry as sole contractors. They can be special designers, researchers, or specialized translation service providers.

      When assessing these groups of companies, we focus on the proper regulations and verifications. Often, day-to-day business practices can explain the situation of the company in just a few words. We carefully consider whether the existing documentation is adequate for a small company.

      SMEs in the production industry

      A motor vehicle always needs physical parts, such as lamps, seats, trim and other components, which are often manufactured by SMEs.

      At traditional manufacturing companies, information security is often not an integral part of the corporate culture. The absolute focus on production quality all too easily overshadows information security. With us, you partner with a testing service provider and auditors who come from the industry and understand the industry. Many issues sometimes have to be dealt with peripherally, and clear guidance during the assessment helps to identify key aspects.

      Film studios and marketing companies

      The creation of attractive marketing materials or appealing commercials or other short films is a key factor in the sales of vehicles. Therefore, film studios and marketing companies are commissioned to properly convey the vehicles and the emotions associated with them even before their actual release.

      This industry is characterized by creative processes and creative approaches. These companies are therefore quick to reject rigid standardized regulations, as these are not compatible with their corporate culture. But requirements can also be implemented in creative ways and regulations do not necessarily have to be 100-page documents. As a testing service provider, we know how to adapt to the corporate culture, and we always look at the proper implementation of requirements by considering the individual company being assessed.

      Development companies

      Before the first part of a new vehicle can be produced, there always are the idea and the first drawings and designs. In development companies, the focus is primarily on the creation of design drawings and the interactive exchange with customers until a new vehicle or its individual parts are perfect.

      In these companies particularly, an active exchange with the customers is necessary. A significant amount of data is being transferred in both directions and the requirements for individual pieces of information change over the course of the project. As a testing service provider, we understand the challenges and know that not every single email requires a very high level of protection and not every design drawing is critical for an OEM. Therefore, we can address your individual circumstances.

      Cloud service providers

      Cloud service providers are becoming increasingly more important. Almost every company uses external service providers or cloud providers. This work is not really comparable to that of any of the above-mentioned companies, as their focus is on providing computing capacity and services. In the end however, it is the customer who decides which data is to be transferred to the cloud.

      Cloud service providers therefore have different critical business processes than conventional companies. We use our expertise to support you in mastering the challenges and establishing IT security in your company.

      TISAX® – Comprehensive Service: From Preparation to Assessment

      Service providers and suppliers in the automotive industry must provide proof at regular intervals that the high demands of their customers with regard to information security are being met. The TISAX® assessment must be conducted at least every three years. To make this process easy for you, we have tailored our service specifically to your needs. Benefit from our universal approach!

      TISAX® Informational Meeting

      Before your TISAX® assessment is being conducted, you probably have a few questions. We will be happy to offer you an initial phone consultation, where one of our experts will answer any questions you may have about the registration, the process and other relevant topics.

      TISAX® Gap Analysis

      Would you like to get an overview of your current status before your TISAX® assessment? With our TISAX® gap analysis, we simulate a TISAX® assessment to help you assess your chances of successfully completing the assessment. The results of the gap analysis provide you with a basis for deciding how to proceed and how much preparation you will need.

      TISAX® Workshops

      Do you have questions about scoping, individual protection requirements, options for structuring and planning the assessment, or differences between TISAX® and standards such as ISO 27001? We support you with a customized workshop of up to two days where we provide you with information about the formal aspects around TISAX®.

      TISAX® Assessment

      Our experts conduct your TISAX® assessment with great care and will address your specific requirements. From assessments of individual locations over multi-site assessments with different scopes to assessments of multiple sites all over the world – as an experienced and approved testing institute, we are always at your side to support you.

      TISAX® Group Assessments

      Do you have more than seven locations and a consistent ISMS for all of them? If so, a group assessment could be the right choice for you. Our qualified experts are at your side from the planning phase to performing the assessment.

      TISAX® Consulting

      As an alternative to a TISAX® assessment, we are also offering a TISAX® consultation. In this consultation, you will work with our experts to develop a TISAX® -compliant information security management system (ISMS). We support you according to your needs – from simple coaching to comprehensive consulting.

      Do you have questions or would you like more information?

      Ask an Expert

      The TISAX® Assessment Levels

      In addition to the general process, TISAX® offers three different assessment levels. Our interactive graphic will give you an overview.

      General Assessment Process
      AL2 Assessments
      AL2.5 Assessments
      AL3 Assessments
      Initial Assessment
      Corrective Action Assessment
      Follow-up assessment
      Objective
      Procedure
      Advantages and disadvantages
      Objective
      Procedure
      Advantages and disadvantages
      Objective
      Procedure
      Advantages and disadvantages

      The initial assessment begins after the assessment requirements have been reviewed and the TISAX® assessment was assigned. After a kick-off, you complete a self-assessment, which is then submitted to our auditor for a plausibility check.

      After successfully passing this plausibility check, the auditor reviews the implementation of the assessment requirements and records any findings.

      Our experts will conduct the corrective action assessment if there were findings in the initial assessment. During this step, you can propose remedial measures and time frames, which will be evaluated by our auditor.

      If there are findings during the initial assessment, our auditor reviews the proof of your implementation in the follow-up assessment with the help of the implementation description and implementation documents.

      If you wish an assessment of another location or want to define a new assessment objective, a scope extension will be performed as an additional assessment.

      The TISAX® AL2 assessment focuses on an in-depth plausibility check of your self-assessment and the verifications you provide. Therefore, the standards for a good self-assessment are high, and thoroughly prepared documents and verifications are an important component of a successful AL2 assessment.

      1. Based on the supporting documentation provided by you, the auditor performs a plausibility check and verifies your compliance with the requirements.
      2. After the successful completion, you receive the technical and organizational information to prepare for the remote assessment.
      3. Each site-specific remote assessment is carried out by phone by thoroughly interviewing different departments (four to six hours).

      Advantages

      • No travel expenses
      • Fast, efficient completion if well-prepared
      • Less resources and time
      • Reduced assessment costs

      Disadvantages

      • No possibility of a later upgrade to a higher TISAX® assessment level
      • Preparation itself is more time-consuming and resource-intensive compared to AL2.5 or AL3
      • Generally, it is necessary to abort the assessment if the plausibility check cannot be completed
      • Exchange on an inter-personal level is more difficult than with AL2.5 or AL3

      In addition to an initial self-assessment, an in-depth phone assessment is an integral part of this assessment. In contrast to the AL2 assessment, the self-assessment does not necessarily have to be completed successfully, as the auditor will go over the controls in-depth in a phone interview. The interview lasts several days.

      The thorough plausibility check and review of controls allow for simple scope extensions. This also allows a later upgrade to an AL3 assessment level of your TISAX® assessment if an on-site visit is not possible due to COVID-19.

      1. Plausibility check of your self-assessment and your verifications by our auditor.
      2. After the successful completion, you receive all necessary information to prepare for the remote assessment.
      3. The remote assessment is conducted by phone and will be spread over several days based on your individual needs. During the 16- to 20-hour assessment step, the auditor will interview various departments.
      4. Possibility of an AL2.5 expansion assessment via scope extension.

      Advantages

      • Possibility of a later upgrade to a higher TISAX® assessment level
      • Preparation of the assessment is less time-consuming
      • Possibility to provide additional information during the assessment at short notice
      • Reduced travel and accommodation costs
      • In case of deficiencies in the plausibility check, the assessment can still be continued

      Disadvantages

      • More time-consuming than AL2 assessment
      • Higher assessment costs compared to AL2 assessment
      • Less exchange on interpersonal or personal level

      The AL3 assessment focuses on an on-site interview, an on-site assessment, and a thorough self-assessment. This helps to ensure high quality standards.

      1. Your prepared self-assessment and verifications are checked for plausibility and for compliance with the requirements.
      2. Feedback is provided and, after successful completion, the further course of action is agreed upon.
      3. The auditor spends at least two days at your site for interviews with departments as well as for a review and evaluation of various aspects of the assessment.
      4. On-site inspection of your location to check the physical conditions.

      Advantages

      • Less time required for preparing the assessment
      • Easy later upgrade to very high protection requirements or prototypes
      • Possibility to provide additional information during the assessment at short notice
      • No termination of the assessment in case of problems with the plausibility check due to direct inter-personal exchange on site

      Disadvantages

      • More time requirements and higher cost due to in-depth and thorough assessment and consultation
      • Travel and accommodation costs

      Save time and costs by properly preparing your request for a quotation. Request your TISAX® assessment in a few easy steps with the help of our checklist.

      Process of a TISAX® Assessment

      We are Your Reliable TISAX® Partner

      As an independent partner and one of the first TISAX® assessment providers, we use our expertise to support and advise you in defining your assessment objectives and assessment levels as well as in complying with the high information security requirements in your company.

      Since 2017, our IT security and data protection specialists have been working with companies to find the right technical and organizational solutions and help them implement suitable measures that sustainably increase their level of protection.

      As an internationally operating company, we are able to involve qualified experts for both consulting and TISAX® assessments, thus providing added value from understanding cultural aspects to optimizing assessment approaches.

      Downloads

      Whitepaper: Success in the Automotive Industry with the TISAX® Information Security Assessment.

      Whitepaper: Success in the Automotive Industry with the TISAX® Information Security Assessment.

      Contents: e.g. differences between TISAX®-assessment and ISO 27001 certification, TISAX®assessment process, audit contents and types. Download now!

      discover more

      FAQ: Frequently Asked Questions about TISAX®

      Our experts have compiled some frequently asked questions about TISAX® and the relevant terminology for you.

      Show all Hide all

      Where can I find the TISAX® assessment catalog?

      The TISAX® assessment catalog is based on the VDA ISA 5.0 assessment catalog. The catalog, which was developed by the VDA and ENX, contains the Information Security workbook, which serves as the basis for the assessment. The current assessment catalog can be found on the VDA and ENX websites.

      What are the assessment objectives?

      The following assessment objectives are included in the TISAX® assessment catalog:

      • Information with high protection needs
      • Information with very high protection needs
      • Protection of prototype parts and components
      • Protection of prototype vehicles
      • Handling of test vehicles
      • Protection of prototypes during events and film or photo shootings
      • Data protection
      • Data protection with special categories of personal data

      What is an assessment location?

      The TISAX® location is the physical site that processes the relevant information.

      Not every location must have a TISAX® label. It is therefore important to consider in advance for the respective location, where and in which order an assessment is to be conducted. Group assessments are possible for ten or more locations.

      What is the standard scope of the assessment?

      The TISAX® assessment standard scope always includes entire locations and also the individual assessment objectives. A scope focuses primarily on the business processes of performing services as well as dependent supporting processes and departments.

      What are the differences between the TISAX® assessment levels?

      The assessment level describes the assessment to be performed, which depends on the selected objectives. There are three assessment levels:

      An AL2 assessments focuses on a plausibility check based on the submitted documentation, followed by a remote assessment by phone.

      The AL2.5 assessment is similar to the AL2 assessment. After a plausibility check of the self-assessment by an auditor, a remote assessment is performed, which lasts several days. This is also conducted by phone, but is much more thorough. The AL2.5 assessment is particularly useful if a later upgrade to a higher assessment level is desired, but an on-site inspection of individual locations is currently not possible due to COVID-19.

      The AL3 assessment also includes a plausibility check of the self-assessment but is continued on-site. The auditor conducts on-site interviews on at least two days and inspects the location.

      Related Links

      ENX Association

      Read more

      TISAX® Portal

      Read more

      VDA ISA Catalog

      Read more

      Penetration Test

      Read more

      Our Sustainability Initiatives

      Nothing less than the future is at stake. Companies, institutions, public authorities and each and every one of us can play a positive role in shaping the path to tomorrow. We provide you with comprehensive support to ensure that you operate safely, sustainably and efficiently for many years to come.

      Sustainable Infrastructure

      Sustainable Infrastructure

      Comprehensive approaches for the long-term protection of infrastructure

      Learn more!

      Sustainability Service Search

      Test, evaluate, certify, and more: our sustainability services

      Learn more!

      Sustainability Strategy 2025

      Find out how we work with you to protect the future

      Learn more!

      Automotive Certification Services

      Read more

      Contact

      Get in contact with us!

      Get in contact with us!

      Contact

      This might also interest you

      Penetration test

      Penetration test | TÜV Rheinland

      Uncover the vulnerabilities in your IT infrastructure with a penetration test.

      discover more

      Last Visited Service Pages