TISAX® - VDA ISA

The Trusted Information Security Assessment Exchange (TISAX®), developed under the German Association of the Automotive Industry (VDA), offers a standardized certification process to align information security practices across OEMs, service providers, and suppliers in the automotive sector.
TISAX® is oriented around the principles of ISO/IEC 27001, providing verified proof of robust information security across the entire automotive value chain, irrespective of company size.

Our consulting services for your added value 

Preparing for TISAX® readiness involves a disciplined approach to information security. For more on the process and methods involved, please visit our ISMS section.

While TISAX® and ISO/IEC 27001 share certain foundational principles, TISAX® introduces additional, detailed requirements based on the VDA ISA catalogue, specifically tailored to the needs of the automotive industry.
These include:

  • Prototype protection
  • Data protection

Furthermore, the VDA ISA catalogue defines specific measures, either mandatory or optional, depending on the desired TISAX® protection level, ensuring that the company’s information is safeguarded accordingly.

ARCA-Consult provides comprehensive support for your company, from the initial preparation phase through to successful TISAX® readiness.

How to obtain your audited security level

OEM

Assessment requirements
Identification of the VDA ISA models for auditing and the necessary labels.

OEM & ARCA-Consult

Company self-assessment based on the VDA ISA findings analysis

OEM & ARCA-Consult

ISMS project
Planning and implementation of the outstanding VDA ISA requirements

OEM & ARCA-Consult

Performance of an audit by an accredited audit provider

OEM

Request for the audit findings by the contractual partner and monitoring of the assessment

Your company benefits significantly from TISAX®

Rebooting and stabilisation of current B2B relationships in the automotive industry

Standardisation prevents unnecessary costs and enables efficient results

No duplicate or multiple audits

Industry-wide recognition of the certifying body

Our services get you ready for VDA ISA

Gap analysis / status quo

Definition of the information security goals
Scope definition
Analysis of guidelines and processes
Assessment of current ISMS maturity
Inclusion of suppliers and service providers

Risk management support

Deployment of the risk analysis method
Support during risk analysis
Identification of missing measures
Risk treatment and action plan
Implementation plan and completion of the measures

Preparation of documentation

Required ISMS documentation
Asset management
Risk management documentation

Audit preparation

Assessment of the measures
Training for management and staff
Performance of internal audits/pre-assessment
Support during TISAX® audit