The dedicated certification procedure TISAX® (Trusted Information Security Assessment Exchange) was introduced under the leadership of the VDA (German Automotive Industry Association) to ensure conformity between the information security management systems (ISMS) used by OEMs, service providers and suppliers in the automotive industry.
This certification builds on ISO/IEC 27001 to deliver binding proof of information security. It includes the entire value chain within the automotive industry, irrespective of the company size.


Our consultancy services for you added value 

Preparing for TISAX® certification requires an approach that is just as strict as implementing an ISMS according to ISO 27001.
The details and methods are explained in the ISMS section.

But there are a few noteworthy differences between certification according to TISAX®/ VDA ISA and one according to ISO/IEC 27001.

Broadly speaking, the requirements for TISAX® certification are based on the demands of ISO/IEC 27001. However, they are defined in more detail by the assessment standards set out in the VDA ISA catalogue.
They address specific protection issues within the automotive industry in particular.
Included in this are requirements in regard to:

  • Prototype protection
  • Data protection

Another difference is that the VDA ISA catalogue describes specific measures that are either mandatory or optional, depending on the envisaged TISAX® level (or TISAX® audit target) - the level of protection the company’s information needs.

ARCA-Consult accompanies and supports your company from the preparatory phase to successful certification.

How to obtain your audited security level


Assessment requirements
Identification of the VDA ISA models for auditing and the necessary labels.

Supplier & ARCA-Consult

Company self-assessment based on the VDA ISA findings analysis

Supplier & ARCA-Consult

ISMS project
Planning and implementation of the outstanding VDA ISA requirements

Supplier & ARCA-Consult

Performance of an audit by an accredited audit provider


Request for the audit findings by the contractual partner
and monitoring of the assessment

Your company benefits significantly from TISAX® certification

Rebooting and stabilisation of current B2B relationships in the automotive industry

Standardisation prevents unnecessary costs and enables efficient results

No duplicate or multiple audits

Industry-wide recognition of the certifying body

Our services get you ready for VDA ISA

Gap analysis /
status quo

Definition of the information security goals
Scope definition
Analysis of guidelines and processes
Assessment of current ISMS maturity
Inclusion of suppliers and service providers

Risk management support

Deployment of the risk analysis method
Support during risk analysis
Identification of missing measures
Risk treatment and action plan
Implementation plan and completion of the measures

Preparation of documentation

Required ISMS documentation
Asset management
Risk management documentation
Statement of applicability (SoA)

Audit preparation

Assessment of the measures
Training for management and staff
Performance of internal audits/pre-assessment
Support during certification assessment