What is TISAX certification?

TISAX (Trusted Information Security Assessment Exchange) is a standardised assessment and exchange mechanism used in the automotive industry to ensure companies meet strict data protection and information security requirements.

Who needs TISAX certification?

Any organisation handling sensitive information within the automotive supply chain—especially those working with OEMs or Tier 1 suppliers—may be required to obtain TISAX certification to demonstrate compliance with industry standards.

How long does it take to prepare for TISAX certification?

Preparation time depends on your organisation’s size, complexity, and current security posture. On average, it can take several months to complete the necessary steps for TISAX readiness.

Does TMW Resilience perform the audit?

No. TMW Resilience is not a certified audit provider. We guide your organisation through the entire TISAX preparation process so you are ready for evaluation by an accredited audit body.

What happens after certification?

After certification, we provide ongoing support including compliance monitoring, updates on regulation changes, and advisory services to ensure continued alignment with TISAX standards.

TISAX Compliance Support Hub

In the competitive and fast-evolving automotive sector, robust information security is more than a necessity—it's a strategic advantage. For companies in the OEM supply chain aiming to demonstrate compliance with the highest data protection standards, TISAX (Trusted Information Security Assessment Exchange) label is essential.

We guide organisations through every step of the TISAX preparation journey. Our experts work alongside your team to align your information security practices with TISAX requirements, ensuring you're fully prepared for a successful certification outcome. From readiness assessments to hands-on implementation support, we’re your partner in achieving and maintaining TISAX compliance.

Get Expert Tisax Support

Three people in Germany sat around a table in the office, looking at a monitor with some detailed automative plans on to represent the tisax compliance support that TMW offers to both UK and German customers.

Key Benefits of Working with TMW Resilience

End-to-End TISAX Preparation Support: We simplify the certification process, helping you understand and meet TISAX requirements efficiently.
Customised Strategies: Tailored approaches ensure your business's unique information security needs are addressed.
Integrated Compliance Frameworks: We help seamlessly embed TISAX requirements into your existing systems and workflows.
Staff Empowerment: Training and workshops equip your team with critical knowledge on information security and compliance.
Ongoing Support Post Assessment: Even after certification, we offer guidance to help you maintain compliance and security standards.

Get in touch

TISAX Assessment Levels

Navigating the TISAX label process involves understanding its distinct assessment levels. These aren't arbitrary steps; they represent a tiered approach to information security, precisely tailored to the varying protection needs within the automotive supply chain. Each level builds upon the last, ensuring your security posture aligns accurately with the sensitivity of the data you handle and the specific requirements of your OEM partners.

AL1 (Self-Assessment)

This level typically involves a self-assessment by the company, where the focus is on confirming the implementation of an Information Security Management System (ISMS) and a general understanding of information security requirements. It addresses standard protection needs and usually does not require an on-site audit by an accredited provider.

AL2 (Plausability-Checked Assessment)

Assessment Level 2 is applied when information has high protection needs, often involving sensitive data or general data protection requirements. This level mandates a remote professional assessment conducted by an accredited TISAX audit provider. The assessment includes a detailed review of documented controls and evidence, primarily via teleconference and documentation exchange.

AL3 (In-Depth Assessment)

This is the most stringent assessment level, required for information with very high protection needs, especially concerning prototype protection or handling highly confidential data. AL3 necessitates a comprehensive on-site professional assessment performed by an accredited TISAX audit provider, involving in-depth verification of physical, technical, and organisational security controls.

Why Receiving a TISAX Label Matters

A TISAX label is more than a checkbox—it's a mark of trust and organisational maturity. In today’s digital age, automotive manufacturers and suppliers must demonstrate their commitment to securing sensitive information. Benefits include:

Enhanced Reputation: Showcase your dedication to data security to partners, clients, and stakeholders.
Competitive Advantage: Differentiate your business by achieving industry-recognised compliance.
Stronger Partnerships: Many OEMS require their supply chain to have a TISAX label.
Reduced Risk: Minimise the likelihood of data breaches and regulatory penalties while strengthening digital resilience and enhancing your ability to recover from disruptions.
Operational Efficiency: Implement best practices that streamline security and compliance processes.

Speak to a Tisax Advisor

What to Expect When Working with Us

Achieving a TISAX label can seem complex, but with TMW Resilience, it becomes a structured and supported journey. Our proven approach breaks the process into manageable, strategic phases designed to build readiness, embed best practices, and sustain compliance beyond certification.

Discover

We begin with a detailed assessment of your current information security posture to uncover strengths and identify any gaps. This discovery phase lays the groundwork for a customised plan tailored to your business goals and compliance needs.

Build

Next, we co-develop a roadmap and work alongside your team to implement the required policies, controls, and documentation. Through expert guidance and hands-on collaboration, we help streamline your practices and embed TISAX-aligned processes within your existing systems.

Sustain

We ensure your team is audit-ready through practical training and ongoing support. Even after certification, we remain a dedicated partner, helping you monitor compliance, adapt to changes, and maintain long-term information security excellence.

Banner image with red squares and shadowed background

Partner with TMW Resilience Today

Choosing TMW Resilience means choosing a trusted advisor dedicated to your long-term information security success. Whether you're just beginning your TISAX journey or looking to strengthen your existing practices, we’re here to help.

Get in touch today to learn how we can support your path to a TISAX label and beyond.

Book a call

Frequently Asked Questions

TISAX (Trusted Information Security Assessment Exchange) is a framework developed by the German Association of the Automotive Industry (VDA). It is based on the VDA Information Security Assessment (ISA) and facilitates mutual recognition of information security assessments across the automotive supply chain. TISAX ensures that companies meet consistent, industry-accepted standards for information security, data protection, and prototype handling.
TISAX is not a legal requirement. However, it is often contractually required by original equipment manufacturers (OEMs) and Tier 1 suppliers within the automotive sector. For many suppliers, achieving a TISAX label is effectively a prerequisite for doing business with key industry partners.
The TISAX assessment evaluates your organisation’s implementation of controls based on the VDA ISA. The scope may include information security, data protection in line with GDPR, and prototype protection, depending on the specific requirements of your business relationships. The assessment ensures a mature and risk-based approach to managing sensitive information.
Timelines vary depending on your organisation's current readiness, the complexity of your operations, and the selected assessment level. Typically, the process takes between 3 to 6 months, including preparation, remediation, and coordination with an approved audit provider. More time may be required if significant gaps are identified during initial readiness reviews.
Yes. TISAX labels are valid for up to three years. To maintain your compliance status, you must undergo periodic reassessments. Depending on the assessment level and outcome, surveillance assessments may also be required to confirm continued compliance.
No. TMW Resilience is not an accredited TISAX audit provider. We specialise in providing comprehensive readiness support and ongoing guidance to help your organisation meet TISAX requirements. We also partner with ENX-authorised audit providers to ensure a seamless and efficient route to obtaining your TISAX label.