Automotive. Security. Trust.

TISAX: the security the automotive supply chain demands

TISAX (Trusted Information Security Assessment Exchange) is the information security standard for the automotive supply chain, required by OEMs such as Volkswagen, BMW, Mercedes-Benz and Stellantis. AtWorkStudio supports you in preparing for the assessment with dedicated consulting, gap analysis and a management system certified to ISO/IEC 27001, 27017, 27018 and ISO 9001.

Free online assessment

What is your cyber maturity level?

Find out in 15 minutes with our assessment based on the NIST Cybersecurity Framework 2.0. The results are a concrete starting point to understand how close you are to TISAX requirements.

106 questions · Instant report · No commitment

Start the free assessment

VDA ISA Catalogue

What TISAX requires from your company

The TISAX assessment is based on the VDA ISA (Information Security Assessment) catalogue, which extends ISO/IEC 27001 controls with automotive-specific requirements. The assessment levels (AL 1, 2, 3) determine the depth of verification based on the sensitivity of the information handled.

Information security

Governance, risk management, access control, encryption and network protection. The baseline requirements are aligned with ISO 27001, with additional controls specific to the automotive context.

Prototype protection

Physical and logical controls for the protection of prototypes, design data and pre-launch information. Controlled access, tracking and removable media management.

Personal data protection

GDPR compliance with a focus on data processing in the automotive supply chain: driver data, telemetry, end-customer information and employee data.

Supply chain security

Assessment and management of risks from suppliers and subcontractors. Contractual requirements, periodic audits and continuous monitoring of the supply chain.

Business continuity

Business continuity and disaster recovery plans to ensure service availability even in the event of an incident. Backup, replication and periodic testing.

3 Assessment Levels

AL 1: self-assessment. AL 2: verification by an ENX-accredited audit provider (the most common). AL 3: in-depth verification for highly confidential information. The level depends on the OEM and the type of data handled.

How we support you

The path to TISAX compliance

TISAX is not a one-time certification: it is a periodic assessment that demonstrates to automotive supply chain partners that your company manages information security in a structured way. AtWorkStudio accompanies you from the initial gap analysis to assessment preparation, without being a certification body — our role is to get you fully prepared.

VDA ISA gap analysis

We map your current state against the VDA ISA catalogue requirements. We identify gaps, priorities and define a realistic action plan with clear timelines and costs.

Implementation and hardening

We support you in implementing controls: policies, procedures, technical configurations, encryption, network segmentation and prototype protection. Everything documented and auditable.

ISO 27001 Certifications

Our management system is certified to ISO/IEC 27001, 27017, 27018 and ISO 9001. ISO 27001 covers the foundation of TISAX requirements — starting there significantly accelerates the journey.

Frequently asked questions about TISAX

Answers to the most common questions about TISAX compliance for automotive supply chain companies.

The automotive supply chain demands security: take the first step

Contact us for dedicated TISAX compliance consulting. We will guide you from gap analysis to assessment preparation, with a concrete approach and no surprises.