Project Description

Trusted Information Security Assessment Exchange (TISAX) for Automotive Industry

Are you a supplier or service provider for the automotive industry? Do you need to assure customers that you are keeping their information secure? Participate in the TISAX exchange.

At the request of some of the largest automotive manufacturers, a common assessment and exchange mechanism based on the VDA Information Security Assessment (ISA) criteria has been developed: the Trusted Information Security Assessment Exchange (TISAX).

Entrusted by the VDA, the ENX Association operates TISAX. ENX is a managed security service for secure and reliable communication, used by more than 1,000 automotive companies in over 30 countries.

You undergo a VDA Information Security Assessment (ISA) administered by an accredited audit provider, such as DQS. As a registered TISAX participant, your assessment result will be accepted by all other participants in the scheme.

Assessment Standard

The VDA’s Information Security working group recently developed an information security assessment (ISA) based on essential aspects of ISO/IEC 27001 and 27002, but with the addition of a maturity level model. Version 4.1 of the VDA ISA was published in late 2018.

Harmonization of Security Levels

A comparison within the automotive industry revealed differences between the companies regarding the number and the designation of information classification levels.
The VDA’s Information Security working group has developed a standard scheme for classifying information, which has been published as a White Paper.
In conjunction with the requirements of the VDA’s Information Security Assessment (VDA ISA), it helps to prevent misunderstandings and risks during the exchange of information and thus fosters appropriate information handling.
The VDA recommends that its members use this White Paper for orientation and implement the described scheme for information classification in their companies.


Service Processes

  • Your organization has established and implemented an information security management system according to the associated standards.
  • Internal audit and management review.
  • Your organization provides basic data to DQS.
  • Service quotation and contract.
  • Your organization gets access by registering online on the TISAX portal.
  • Determine scope and assessment level.
  • Registration of the scope ID by ENX (annual service fee).
  • Select DQS from the authorized audit service provider list.
  • Place an order with DQS to perform the assessment against VDA ISA.
  • Kick-off, document review (self-assessment).
  • Assessment by DQS (level 2: off-site, level 3: on-site).
  • The interim report is discussed.
  • Corrective actions for NCs, if any, within the specified period.
  • Verification, by an assessment, of the effectiveness of the actions taken.
  • Assessment results are uploaded to the TISAX Database.
  • The assessed organization will be listed with its TISAX Label.
  • Assessment every 3 years.
  • You decide which TISAX participants can access which information by expressly granting access on a case-by-case basis.
  • The ENX Association monitors assessment quality and accredits audit providers based on a rigorous process.
