TISAX Certification – Automotive Information Security Consultancy

Meet industry security standards and win the trust of automotive OEMs with TISAX

TISAX (Trusted Information Security Assessment Exchange) is the recognised security assessment framework for the automotive sector, developed by the German Association of the Automotive Industry (VDA) and managed by the ENX Association. It is increasingly required by original equipment manufacturers (OEMs), Tier 1 suppliers, and mobility technology companies across Europe.

TISAX is based on ISO 27001 but introduces additional requirements tailored to the automotive supply chain. These include strict controls around prototype protection, data privacy, and secure information exchange. Organisations that handle sensitive customer data, vehicle design files, or engineering documentation must often achieve a TISAX label to access new business opportunities.

AvISO provides structured, practical support for organisations seeking to achieve and maintain a TISAX assessment. Whether you are a Tier 1 supplier, an engineering consultancy, or a technology partner working with OEMs, we help you understand the assessment requirements, define your scope, and prepare your system and team for successful evaluation.

What our clients say

“AvISO translated the complexity of VDA ISA into a manageable roadmap. With ISOvA, we had all policies, tasks, and evidence in one place. Our auditor commented on how mature and practical our system was — we couldn’t have done it without this support.”

Managing Director, UK-based Mobility Tech Supplier

How AvISO supports TISAX compliance

We guide you through every stage of the TISAX journey, from scoping to publication on the ENX portal. Our support includes:

  • Readiness assessment against VDA ISA requirements
  • Help defining the correct assessment objectives and label levels
  • Support developing and documenting your ISMS, including policy frameworks and controls
  • Gap closure and implementation planning
  • Preparation and liaison with the accredited assessment provider (e.g. TÜV, DEKRA)
  • Support through the audit process and result publication

Whether you are new to information security frameworks or building on existing ISO 27001 controls, we help ensure TISAX compliance is efficient, manageable, and aligned with your business goals.

Common TISAX challenges — and how we solve them

Many suppliers struggle with the practical and technical demands of TISAX. Common pain points include:

  • Uncertainty about the right label or scope – We help define your assessment objective, security level, locations, and expected outcomes
  • Lack of formal policies or procedures – We provide editable templates and support tailoring them to your operations
  • No dedicated security or compliance staff – We guide lean teams through implementation using structured plans and remote support
  • Overlap with ISO 27001 or other frameworks – We map and integrate existing systems to avoid duplication and reduce effort
  • Complex or unclear audit expectations – We prepare you step by step for the external assessment, including evidence, testing, and follow-up

Our consultants make the VDA ISA framework accessible and actionable, without compromising on technical rigour.

Whether you're responding to a customer request or planning ahead for future partnerships, AvISO helps you meet TISAX requirements with confidence. Our consultancy and ISOvA platform ensure you’re prepared, supported, and aligned with automotive industry expectations.

TISAX services and consultancy support

We offer a full suite of TISAX services, tailored to your organisation’s sector, scope, and starting point:

Expert consultancy and project management

  • Scoping sessions to define the correct TISAX label and assessment level
  • Review of existing systems, controls, and certifications
  • Planning for label publication, recertification, or reassessment
  • Management of timelines, stakeholder roles, and resource planning

Information security system development

  • Design and documentation of a TISAX-aligned ISMS
  • Policy development including information security, data privacy, and prototype protection
  • Risk assessment and risk treatment plans using automotive-focused templates
  • Physical and logical access control measures
  • Secure communication, data transmission, and mobile working protocols

Operational and technical controls

  • Configuration of IT controls for access, authentication, encryption, and backups
  • Secure development and hosting guidance for digital products and services
  • Review of third-party contracts and supplier due diligence
  • Logging, monitoring, and incident response process development
  • Role-based training and awareness programmes for staff and contractors

Audit preparation and assessment support

  • Preparation of evidence packs and control registers
  • Support completing self-assessment questionnaires (VDA ISA)
  • Internal pre-audit walkthroughs and documentation reviews
  • Support during the external assessment and post-audit follow-up
  • Result registration and publishing guidance via the ENX portal

ISOvA for digital TISAX management

AvISO clients receive free access to ISOvA for their first TISAX project. This Microsoft 365-based compliance platform simplifies the entire process.

  • Manage policies, evidence, and controls in one central platform
  • Assign responsibilities and track progress toward label readiness
  • Schedule reviews, audits, and document updates
  • Maintain a live record of access controls, incidents, and risk treatments
  • Share real-time dashboards with leadership and OEM partners

ISOvA ensures your TISAX programme is clear, traceable, and always audit-ready.

Integrated TISAX systems for better compliance

TISAX overlaps with many other frameworks, and integration can reduce duplication and cost. We typically integrate TISAX with:

  • ISO 27001 – Information security management
    TISAX is fundamentally based on ISO 27001. If your organisation already has an ISMS, we help extend or tailor it to meet TISAX-specific controls such as prototype protection and data exchange requirements.
  • ISO 27701 – Privacy information management
    TISAX assessments often include a privacy label. ISO 27701 provides the structure for privacy governance, data subject rights, and processing activities. Combined implementation strengthens GDPR alignment and supports international data transfers.
  • SOC 2 – Trust services reporting
    For suppliers working across both automotive and cloud ecosystems, SOC 2 covers trust principles like confidentiality, availability, and privacy. We align overlapping controls and simplify audit preparation for both frameworks.
  • ISO 22301 – Business continuity management
    TISAX requires controls around resilience, incident response, and disaster recovery. ISO 22301 formalises these requirements and ensures continuity for critical data systems and communications.
  • ISO 9001 – Quality management systems
    Integrated management systems support consistent process delivery, documentation control, and risk-based thinking. This creates a more auditable and reliable control environment for both security and operational outcomes.
  • ISO 31000 – Risk management
    Broader enterprise risk frameworks like ISO 31000 help contextualise information security within strategic and operational decision-making. We align TISAX risk assessments with existing registers to ensure board-level oversight.

Integrated systems reduce administrative overhead and demonstrate mature governance to OEM partners. With ISOvA, integration is seamless — data, evidence, and responsibilities are centrally managed and version-controlled.

Why choose AvISO for TISAX?

  • Automotive sector experience with both OEMs and suppliers
  • Deep knowledge of VDA ISA and TISAX label requirements
  • Successful outcomes with Tier 1, Tier 2, and technology vendors
  • Support for internal teams with limited compliance resources
  • Trusted by major certification bodies and assessment providers
  • ISOvA platform included to simplify audit preparation and ongoing maintenance

We don’t just help you tick the boxes — we help you build a system that supports long-term growth, security, and client trust.

Talk to us about ISO TISAX certification

Let’s explore how we can help your team — from gap analysis to digital integration.
Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk


ISO TISAX FAQs

Most frequently asked questions

What is TISAX, and who requires it?

TISAX (Trusted Information Security Assessment Exchange) is a security assessment scheme for the automotive sector, based on ISO 27001 and tailored by the VDA. It is required by major European OEMs and increasingly by their suppliers and partners.

Is TISAX the same as ISO 27001?

No. TISAX uses ISO 27001 as its foundation but introduces additional requirements around prototype protection, data privacy, and secure partner collaboration. It is assessed using VDA ISA criteria and published on the ENX portal.

Is TISAX a certification?

Not technically. You undergo an accredited assessment and receive a result (label) which is registered and published on the ENX portal. There is no physical certificate, but the label is considered equivalent for assurance purposes.

What are the TISAX labels?

TISAX labels cover areas like information security, data protection, and prototype protection. Labels also define the assessment level — from self-assessment (Level 1) to third-party audits with on-site verification (Level 3).

How long does TISAX take?

Most TISAX projects take 3 to 6 months, depending on the label scope, number of sites, and readiness level. Planning and preparation time can vary based on existing systems and documentation maturity.

Can we use ISO 27001 documentation for TISAX?

Yes, with adaptation. AvISO helps map your ISO 27001 controls to the VDA ISA requirements and close any gaps. Where additional controls are required, we provide templates and guidance to support implementation.

Do we need a privacy policy for TISAX?

Yes, if your label includes data protection. This typically requires documented data handling practices, subject access procedures, and compliance with regulations such as GDPR or CCPA.

What kind of evidence is required?

You will need documented policies, risk assessments, training records, audit logs, access control procedures, incident logs, and more. ISOvA makes this evidence traceable, version-controlled, and accessible.

Can TISAX be renewed or updated?

Yes. Labels are valid for three years. You can also update the label scope if your business changes or if OEM requirements expand. AvISO supports revalidation and scope changes.

Will AvISO support us during the TISAX audit?

Absolutely. We help prepare documentation, coordinate with the auditor, and provide clarification throughout the process. Our aim is to make the audit smooth, professional, and successful.
