TISAX certification
Based on the ISO 27001 standard, the Association of the Automotive Industry Verband der Automobilindustrie (VDA) has developed recommendations and evaluation criteria for the implementation and certification of information security in the automotive industry. The aim is to connect OEM manufacturers with suppliers, manufacturers and set identical rules for the entire project life cycle. This assessment is referred to as the VDA Information Security Assessment and falls under the TISAX® assessment.
How to get ready?
First of all, we recommend the introduction and certification of ISO 27001
This standard is proof for the entry evaluation criteria that the ISMS is implemented and certified in your country, ie it meets international requirements.
As part of the TISAX Intro ™ training, we will acquaint you with the course and requirements of the TISAX assessment in the field of information security.
Subsequently, we recommend a TISAX Foundation course that prepares you for the role of internal auditor or manager, who is a key person for the certification itself.
You can also use a non-binding audit, where in a fraction of the money and time you will find out how far you are prepared for certification. We identify areas that are treated and provide recommendations / consultations in those areas that are not treated.
Audit scope
Assessment scope + labels
The more sensitive the information on the projects, the higher the level of protection you should set. The evaluation results are valid for a maximum of 3 years and are accepted by all German OEMs.
Recommended rules for process security levels:
Level 1
Standard protection
Comparable to internal information
Level 2
High protection requirements
Comparable to confidential information
Level 3
Very high protection requirements
Comparable to classified information
Certification process
1Registration
We will register your company in the TISAX platform. Subsequently, we will determine the state of readiness of the organization and take the necessary pre-certification measures.
2 Contract
We will verify with you the scope of the audit, the required level of certification you need to obtain and we will conclude a contract for the audit / assessment.
3 Prep
The auditor will go through the certification process with you, including all important points. We will go through the completion of the questionnaire and other checklists together.
4 Assessment
The auditor reviews the documentation, ie how the safety principles are defined. It will prepare an audit report from the conclusions.
5Plan
The action plan covers areas that are not treated to meet the requirements of TISAX and VDA. The auditor will propose a solution.
6 Follow-Up
Follow-up is nothing more than a review of "corrected areas" based on the auditor's instructions. You will receive feedback and confirmation of the repair.
7 Conclusion
You will receive a final report and an evaluation label, which is listed and registered on the TISAX® platform. You can decide for yourself who can see your results. You have obtained a prestigious certification in the field of Information Security for Automotive Sector.
8 Congrats!
Our auditors will advise you on how to integrate this information appropriately into offers, marketing, sales and towards OEMs for whom you become a trusted supplier.
