Since the concept of "electrification, networking, intelligence, and sharing" was first proposed five years ago, the automotive industry has embarked on unprecedented and amazing changes. In the wave of change, the car has gradually gotten rid of its single setting as a "

    Since the concept of "electrification, networking, intelligence, and sharing" was first proposed five years ago, the automotive industry has embarked on unprecedented and amazing changes. In the wave of change, the car has gradually gotten rid of its single setting as a "transportation vehicle" and evolved into a smart product like a mobile phone. According to Goldman Sachs Research, the self-driving car market is expected to grow to $96 billion by 2025 and reach $290 billion by 2035. Some data show that today's intelligent cars can generate 20GB of data every day, and in the future, cars with stronger autonomous driving capabilities are expected to generate 10GB of data per second. This means that, from spare parts suppliers, Internet of Vehicles operation service providers, to cloud manufacturers, high-precision map manufacturers, and even insurance companies and other related companies in the automotive industry, they all need data analysis technical support, especially with the European Union's "General With the entry into force of the Data Protection Regulation (GDPR), data security has received more and more attention.

    TISAX (Trusted Information Security Assessment Exchange) trusted information security assessment and exchange standard is a dedicated information security standard for the automotive industry established based on ISO 27001 information security management system standard and VDA-ISA (Trusted Information Security Assessment Exchange) information security assessment checklist . Since suppliers and service providers in the automotive industry often deal with highly sensitive customer information, this requires OEMs to ensure a high degree of information security and network security for all stakeholders throughout the product development phase. So far, it was formulated by the European Network Exchange Association (hereinafter referred to as "ENX") and the German Automobile Industry Association (hereinafter referred to as "VDA") and launched in 2017, based on the VDA-ISA information security assessment standard and the general inspection and exchange mechanism operated by ENX , to realize the information security assessment and approval of automobile enterprises.

        TISAX provides a model for mutual recognition of information security assessment results for different service providers in the automotive industry. The supplier's passing the assessment means that its results have been recognized by all participating parties.

        TISAX certification is currently highly respected among automotive OEMs around the world. Many suppliers who provide OEMs with software, hardware and related services will be required by OEMs to establish and maintain their TISAX management system and pass the corresponding level of TISAX certification. as a condition of its admission.

Responsibilities of TISAX Parties

    TISAX (Trusted Information Security Assessment Exchange) trusted information security assessment and exchange standard is a dedicated information security standard for the automotive industry established based on ISO 27001 information security management system standard and VDA-ISA (Trusted Information Security Assessment Exchange) information security assessment checklist . Since suppliers and service providers in the automotive industry often deal with highly sensitive customer information, this requires OEMs to ensure a high degree of information security and network security for all stakeholders throughout the product development phase. So far, it was formulated by the European Network Exchange Association (hereinafter referred to as "ENX") and the German Automobile Industry Association (hereinafter referred to as "VDA") and launched in 2017, based on the VDA-ISA information security assessment standard and the general inspection and exchange mechanism operated by ENX , to realize the information security assessment and approval of automobile enterprises.

        TISAX provides a model for mutual recognition of information security assessment results for different service providers in the automotive industry. The supplier's passing the assessment means that its results have been recognized by all participating parties.

        TISAX certification is currently highly respected among automotive OEMs around the world. Many suppliers who provide OEMs with software, hardware and related services will be required by OEMs to establish and maintain their TISAX management system and pass the corresponding level of TISAX certification. as a condition of its admission.

A series of questions about TISAX certification

Which companies are undergoing TISAX certification

        TISAX certification applies to all organizations along the entire value-added chain of the automotive industry. With the development of digital transformation and industry ecology, the trend of cross-border integration has become increasingly prominent. At the same time, the globalization of information security issues has caused manufacturers in the industry to pay more and more attention to information security. At the same time, with the application of virtualization and cloud computing, online data interaction and collaborative office have become possible. In fact, Volkswagen Group has implemented the KVS data exchange platform to its suppliers, and its full version already has the function of collaborative development and design. Therefore, whether it is prototyping and development, or data security, under the conditions of informatization, information security has become the focus of major OEMs and their cooperative suppliers. Therefore, as a certification standard for information security in the industry, TISAX has been extended from the first-tier suppliers of OEMs to second-tier and third-tier suppliers, and from component suppliers to chip and other component suppliers. Therefore, in order to meet the requirements of the market and the industry, suppliers and service providers of all automobile manufacturers, as well as suppliers handling sensitive information of related companies, are actively applying for TISAX certification.

Which companies are undergoing TISAX certification

        TISAX certification applies to all organizations along the entire value-added chain of the automotive industry. With the development of digital transformation and industry ecology, the trend of cross-border integration has become increasingly prominent. At the same time, the globalization of information security issues has caused manufacturers in the industry to pay more and more attention to information security. At the same time, with the application of virtualization and cloud computing, online data interaction and collaborative office have become possible. In fact, Volkswagen Group has implemented the KVS data exchange platform to its suppliers, and its full version already has the function of collaborative development and design. Therefore, whether it is prototyping and development, or data security, under the conditions of informatization, information security has become the focus of major OEMs and their cooperative suppliers. Therefore, as a certification standard for information security in the industry, TISAX has been extended from the first-tier suppliers of OEMs to second-tier and third-tier suppliers, and from component suppliers to chip and other component suppliers. Therefore, in order to meet the requirements of the market and the industry, suppliers and service providers of all automobile manufacturers, as well as suppliers handling sensitive information of related companies, are actively applying for TISAX certification.

How is the recognition of TISAX certification in the automotive industry?

       TISAX certification is the only mechanism for information security certification of the automotive industry chain, and its cooperative association - the German Automobile Industry Association (VDA) has a profound industry awareness. In the automotive industry, German OEMs have the most stringent requirements, and other European, American and domestic manufacturers are also following suit. In order to ensure the information security of the supply chain, many German OEMs have mandated that their suppliers at all levels must pass TISAX certification before they can exchange data with them, and many domestic auto parts companies have also received mandatory certification notices. In fact, as early as 2018, Volkswagen, Audi, and Citroen Group have clearly put forward the requirement of "must pass TISAX certification" for their suppliers, and Mercedes-Benz, BMW, etc. have also followed up on the requirements for suppliers to obtain TISAX certification.

How many levels does TISAX have? What's the difference?

The audit levels are divided into AL1, AL2 and AL3. AL1 is generally self-assessment, while AL2 and AL3 require third-party auditors to conduct on-site audits of the factory. Generally, only AL2 and AL3 can be recognized by TISAX.

How many tags are currently defined by TISAX

       At present, TISAX currently defines a total of 8 tags. Enterprises will get several labels by applying and passing a few. The current labels include: 2 information security labels (INFO HIGH, INFO VERY HIGH), 2 data protection labels (DATA, SPECIAL DATA), 4 prototype protection labels (PROTO PARTS, PROTO VEHICLES, TEST VEHICLES-, EVENTS SHOOTINGS).

        The certification result is not reflected in the form of a certificate, but a different electronic label. Labels are valid for 3 years from the day of the closing meeting.

ISO27001 VS TISAX

       The TISAX® Trusted Information Security Assessment and Exchange Standard is based on the ISO 27001 information security management system standard extended to include automotive-specific requirements, such as protection as a prototype. Businesses that are audited by TISAX are not automatically ISO 27001 certified.