Prepare for your TISAX assessment systematically

All requirements of the TISAX standard in one integrated platform - from the ISA catalog to assessment readiness.

Official name: TISAX - Trusted Information Security Assessment Exchange

The Challenge

TISAX is the standard for information security in the automotive industry. The ISA catalog (Information Security Assessment) comprises extensive assessment criteria covering information security, prototype protection and data privacy. Without structured tools, systematically implementing all requirements and preparing for the assessment is nearly impossible to manage efficiently.

Our Solution

Aldric supports TISAX preparation with modules for ISMS management, TOM documentation and policy management. The platform enables you to systematically work through the ISA catalog and transparently document the implementation status of all assessment criteria.

Key Regulations

ISA 1-3 - Information Security Policies

Requirements for policies, organization and responsibilities for information security.

ISA 4 - Asset Management

Identification, classification and protection of information assets and IT assets.

ISA 5-6 - Access Control & Cryptography

Requirements for logical access controls, user rights and cryptographic measures.

ISA 8 - Prototype Protection

Specific requirements for protecting physical and digital prototypes in automotive development.

Supported Modules

ISA Catalog Management

Work through the VDA ISA catalog systematically and document the implementation status of each assessment criterion.

Prototype Protection

Document measures for protecting confidential information and physical prototypes according to TISAX requirements.

ISMS Integration

Use existing ISO 27001 controls as a foundation and supplement them with TISAX-specific requirements.

Maturity Tracking

Monitor the maturity level of your information security across all TISAX assessment objectives.

Assessment Preparation

Prepare specifically for the TISAX assessment with evidence documentation and gap analysis.

Your Path to Compliance

  1. Define scope

    Define the TISAX scope: assessment objectives (information security, prototype protection, data privacy) and affected locations.

  2. Conduct baseline assessment

    Evaluate the current state of your information security against the ISA catalog.

  3. Implement measures

    Close identified gaps through targeted technical and organizational measures.

  4. Collect evidence

    Document all implemented measures and prepare evidence for the auditor.

  5. Undergo assessment

    Have the TISAX assessment conducted by an accredited audit provider.

Frequently Asked Questions

What is TISAX and who needs it?

TISAX is an industry-specific standard for information security in the automotive industry. Suppliers and service providers who handle sensitive data from OEMs typically need a TISAX label as a prerequisite for collaboration.

How do TISAX and ISO 27001 relate?

TISAX is based on the VDA ISA catalog, which is closely aligned with ISO 27001 but supplemented with automotive-specific requirements such as prototype protection. An existing ISO 27001 ISMS already covers a large portion of TISAX requirements.

What are the TISAX assessment objectives?

There are three assessment objectives: information security (baseline), prototype protection and data privacy. Depending on the collaboration with the OEM, one or more objectives may be required.

How long is a TISAX label valid?

A TISAX label is typically valid for three years. After that, a reassessment is required. Aldric supports you in continuously maintaining your ISMS between assessments.

What are the TISAX assessment levels?

TISAX has three assessment levels: AL 1 (self-assessment), AL 2 (plausibility check) and AL 3 (comprehensive verification). Most OEMs require AL 2 or AL 3, with AL 3 being necessary for highly sensitive information such as prototypes.

Ready for Efficient Compliance Management?

Start with a free demo and discover how Aldric simplifies your compliance processes.