TISAX

What is TISAX?

TISAX is a standard evaluation and exchange process for the automotive industry. It uses the ISA (Information Security Assessment) security questionnaire, initially used for audits by member businesses of the German Association of the Automotive Industry (VDA). The VDA ISA questionnaire has been accessible since July 2020 in version 5.0. This version is required for all new TISAX compliance assessments as of October 1, 2020.

It’s worth noting that TISAX is built upon the fundamental specifications of ISO 27001, an internationally accepted information security standard. 

TISAX was created to guarantee adequate information security in the automotive industry. It offers mutual recognition, quality assurance, and standardization for information security audits specific to the automotive sector. The ENX Association owns the registered trademark TISAX.

The main goals of TISAX requirements are to develop a community where automotive players can discuss IT/IS performance and to produce a standardized benchmark on shared criteria within the industry.

Why is TISAX Necessary?

Companies in the automotive sector are increasingly looking for their suppliers to be TISAX certified as a security measure to ensure that the sensitive data they exchange is adequately safeguarded. TISAX builds customer trust in an industry that is increasingly vulnerable to breaches.

Understanding the Need for Futureproofing Automotive Security

All facets of the automobile industry’s operations, from vehicle design to production and maintenance, rely significantly on sensitive data and information technologies. Maintaining data security and compliance is critical. To understand the complexity of technology, it’s important to know that each device and asset represents a set of interconnected attack vectors. EV charging stations, for instance, can link with car dealerships, cell phones, telemetry, navigation, mapping, entertainment, in-car web browsers, other cars, driver assistance systems, and more.

Upstream’s 2024 Global Automotive report stated that there were nearly 300 cyber attacks on the automotive industry in 2023, with 50% having a high or massive impact.

As new technologies “drive” the automotive industry, they open the door for malicious actors to carry out breaches and cyber attacks.

For example, breached charging stations have sprung up across the world. At the start of the Russia-Ukraine War, charging stations in Moscow were altered to display anti-Putin messages. In England the same year, inappropriate content was broadcast on public chargers. This year, a YouTube video showed a play-by-play illustration of how one can freely breach the operating system of Electrify America charging stations.

And if your immediate thought is that home charging is the way to go, you won’t be immune there either, says a Telegraph article published in February this year. In the news article, Wallbox’s Copper SB charger was pulled off the market for fear hackers could exploit it to attack the national grid. But over 30,000 chargers of that model had already been sold.

Regulation is the obvious way to drive the industry to improve its baseline security standards.

The Role of TISAX in Automotive Security Risks

TISAX is a solid security framework created with the automotive industry in mind. It gives businesses a methodical, standardized way to evaluate and improve their security posture. With TISAX auditing, organizations can implement effective security controls and adhere to industry best practices. TISAX assessments identify and strengthen areas like supplier connections, data protection protocols, and information security management systems.

TISAX Cycle

Enrollment in the vehicle TISAX Exchange register is contingent upon completing an assessment every three years.

Through a web platform, TISAX members exchange information about each other’s information security status, as determined by the outcomes of their evaluations. 

It is important to know that no TISAX participant automatically has access to another participant’s assessment results. The audited company decides who in the TISAX network receives what information by explicitly authorizing the sharing of the specified information on a case-by-case basis.

Benefits of TISAX 

  • TISAX enjoys broad acceptance in the automotive sector 
  • One TISAX assessment every three years is all you need to stay on top of your certification
  • Gain more clarity due to the harmonized VDA-ISA test catalog 
  • Total control of the assessment results
  • TISAX consolidates existing business relationships 
  • TISAX facilitates new relationships 

TISAX For a Secure Future

Regulative standards will likely be released to ensure automotive security’s long-term success and sustainability. In the meantime, TISAX certification is a powerful tool to stay ahead of emerging security challenges, enabling companies to embrace innovation while maintaining robust security practices. By proactively addressing risks and leveraging the TISAX framework, automotive organizations can future-proof their security and instill confidence in customers, partners, and stakeholders.
