
TISAX Certification

ENX Association


São Bernardo do Campo | April 06, 2021 | Data classification: Internal

Tisax - Trusted Information Security Assessment Exchange

1. What is Tisax
2. The TISAX process
3. Evaluation time
4. Terms / roles
5. Tisax scope
6. Objectives / levels of assessment and protection TISAX
7. Sharing / dissemination of results
8. Approved connection tools
9. Connection types
10. Cost types
11. Reference links

2 06.04.2021 | B-RS Group Security Region SAM

Tisax - Trusted Information Security Assessment EXchange

What is TISAX?

• It is the certificate/label and test model of VDA ISA
• The TISAX online platform allows participants to share evaluation data between their customers

What is ENX?

• It is an Association that monitors the quality of implementation and the results of evaluations
• Ensures a high degree of transparency and strengthens trust

What is VDA ISA?

• It is the VDA test catalog, is based on the internationally recognized ISO 27001 standard and includes special criteria catalogs for the automotive industry


Tisax Process

The TISAX process usually begins with the automaker's request to its suppliers to attest to a defined level of information security management in accordance with the requirements of the VDA Information Security Assessment (VDA ISA).

To fulfill this request, your organization must complete the TISAX process in 4 steps.

[Process diagram. Surviving labels: "1st", "3rd"; surviving text: "Filling out documents with business areas", "NDA VWB and Orga 27"]


Evaluation time

• The total duration of the TISAX process will depend on several factors.
• The wide variation in the sizes of organizations, the evaluation objectives and the respective readiness of an information security management system will contribute to the total time of the process.
• However, TISAX defines a maximum duration of 9 months for the entire evaluation process.


Tisax - Terms and Roles

Active participant
• Supplier/Audited: organization that must demonstrate the effectiveness of its information security management system (ISMS) with the TISAX brand at the request of one of its "passive participant" customers.

Passive participant
• Customer/Automaker: organization that asks its relevant business partners ("active participants") to demonstrate the effectiveness of their ISMS with the corresponding TISAX brand.

Audit provider
• Providers accredited by TISAX and approved by ENX to carry out the evaluations.


Tisax Scope Excerpt
• Participant ID
• Scope ID
• Location ID

The selected consultancy will analyze which evaluations should be carried out, in which locations (sites) and definition of the objectives to be audited agreed customer/automaker and


Objectives and levels of Tisax assessment

| No. | TISAX assessment objective | Abbreviation | Assessment level (AL) |
| --- | --- | --- | --- |
| 1 | Information with high protection needs | High Info | AL 2 |
| 2 | Information with very high protection needs | Very high info | AL 2 |
| 3 | Data protection. According to article 28 ("Processor") of the European General Data Protection Regulation (GDPR) | Data | AL 2 |
| 4 | Data protection with special categories of personal data. According to article 28 ("Processor") with special categories of personal data as specified in article 9 of the European General Data Protection Regulation (GDPR) | Special data | AL 2 |
| 5 | Protection of prototype parts and components | Proto parts | AL 2 |
| 6 | Protection of prototype vehicles | Proto vehicles | AL 2 |
| 7 | Handling of test vehicles | Test vehicles | AL 2 |
| 8 | Protection of prototypes during events and film or photo shootings | Events + | AL 2 |

• If you are driving test drives on public roads, the No. 7 "Handling of Test Vehicles" assessment objective is one of your assessment objectives.
• The greater the protection needs, the more the supplier should ensure that information security is treated as if it were its own. Therefore, TISAX distinguishes three evaluation levels.
• The assessment level defines the depth with which TISAX-accredited certifiers will perform the audit process.



Sharing and dissemination of the result of the Tisax Certification

At the request of a passive participant (customer/automaker), the contractor (supplier) shall provide detailed reports with the depth of detail requested, in accordance with the rules defined by ENX.

The contents of the TISAX report are structured in levels.

Your organization will be able to decide up to which level the automaker will have access.

The result of your organization's assessment is valid for three years, and there are no annual monitoring audits.

Assuming your organization is still a supplier to that automaker after 3 years, you'll need to renew your evaluation result by following the three-step process again.


Approved connection tools

confidential Secret

with SimplX OFTP2 KVS ECA Connect KVS Connect

• Fill out the CSN Shortlist and send - (Supplier and VW Area)
• Contracting the connection with Operational services (Supplier)
• User Request and Token (VW area IT key user should contact IT)


Tisax - Connection Types
• VW Group Standard for Connection


Tisax - Cost types

• Cost of registering on the platform
• Cost to carry out the audit (accredited providers)
• Contracting the connection service (Operational Services)


Reference links

Portal ENX Association

TISAX Handbook

Accredited providers

VDA requirements

Operational services


Thank you.
