Project Description

Trusted Information Security Assessment Exchange (TISAX) for Automotive Industry

Are you a supplier or service provider for the automotive industry? Do you need to assure customers that you are keeping their information secure – Participation in the TISAX Exchange.

On the request of some of the largest automotive manufactures, a common assessment and exchange mechanism, based on VDA Information Security Assessment (ISA) criteria, has been developed:  Trusted Information Security Assessment Exchange (TISAX).

Entrusted by VDA, ENX Association is operating the TISAX. ENX is a Managed Security Service for secure and reliable communication, being used by more than 1,000 automotive companies in over 30 countries.

You undergo a VDA Information Security Assessment (ISA) administered by an accredited audit provider, such as DQS. As a registered TISAX participant, your assessment result will be accepted by all other participants in the scheme.

您是汽車行業的供應商或服務提供商嗎? 您需要向客戶保證您的信息安全嗎? – 參與TISAX 交換機制。

在几家全球知名汽車主機廠的推動下,基於VDA 信息安全評估標準的一個共同認可評估和交換機制已經建立:TISAX汽車行業信息安全評估交流機制。


您接受由經認可的審核提供商管理的VDA ISA信息安全評估, 例如DQS。作為註冊的TISAX參與者,您的評估結果將被機制中其他的參與者接受。

Assessment Standard 評估标准

The VDA’s Information Security working group recently developed an information security assessment (ISA) based on essential aspects of ISO/IEC 27001 and 27002, but with the addition of a maturity level model. Version 4.1 of the VDA ISA was published in late-2018.

VDA的信息安全工作組最近在ISO/IEC 27001 和 27002 的基礎上開發了信息安全評估基準(ISA),但增加了成熟度級別模型。 VDA ISA的4.1版本於2018年末發布。

Harmonizatio of Security Levles 安全等级协调

A comparison within the automotive industry revealed differences between the companies regarding the number and the designation of information classification levels.
The VDA’s Information Security working group has developed a standard scheme for classifying information, which has been published as a White Paper.
In conjunction with the requirements of the VDA’s Information Security Assessment (VDA ISA), it helps to prevent misunderstandings and risks during the exchange of information and thus fosters appropriate information handling.
The VDA recommends its members to use this White Paper for orientation and to implement the described scheme for information classification in the companies.


Service Processes 服務流程
Organization 組織DQS 審核機構Remarks 備註
Implemented an information security management system according to the associated standards |
Provide basic data to DQS |
Service quotation and contract |
Confirmation | 確認
Register at TISAX portal |
Determine scope and and assessment level |
Registrations of the scope ID by ENX |
Annual fee | 年費
Select the authorized audit service provider |
Place order to DQS to perform the assessment against VDA ISA |
向DQS要求提供基於VDA 信息安全評估基準的評審
Kick-off, document review (self-assessment) |
(Participation |
Assessment by DQS (level 2: off-site, level 3: on-site) |
DQS 評審 (第2層: 非現場, 第3層: 現場)
Participation |
The interim report is discussed |
Corrective actions to NCs, if any, within specified period |
An effectiveness verification, by an assessment, on the actions taken |
Assessment results uploaded to TISAX Database |
Listed with TISAX Label |
Select which TISAX participants can access which information |
At least one assessment every 3 years |
Monitored by ENX Association |

Related News 相關新聞:

Completed IATF 16949 Internal Auditor Training Course with HKPC

March 26th, 2019|Comments Off on Completed IATF 16949 Internal Auditor Training Course with HKPC

Under the cooperation with Hong Kong Productivity Council (HKPC), DQS Academy has successfully delivered an IATF 16949:2016 Internal Auditor Training Course on [...]