TISAX®: New year, new label(s)?

The assessment and exchange mechanism for information in the automotive industry – or TISAX® for short – is being developed further. The association responsible for TISAX®, the ENX Association, is planning to expand the list of assessment objectives and labels from eight to ten. This will also be reflected in the industry standard VDA-ISA on which the assessments are based.

Why is the VDA-ISA standard being revised?

According to the ENX working group responsible for VDA-ISA, changes in the threat landscape called for a revision of the standard. Up to now, the standard has focused mainly on industrial espionage regarding information and cyber security. To prevent this kind of malicious action, the aspect of confidentiality has been defined as a dedicated assessment objective. Recently, however, with the massive rise in ransomware attacks, a new focus on availability has been added.

The reason: If, for example, an extortion Trojan were to shut down the business operations of a supplier, certain parts would quickly become unavailable. This, in turn, would have serious consequences for manufacturers' production capabilities.

Which new labels are planned for TISAX®?

The changes concern assessment objectives and labels for the “Information Security” criteria catalogue. At the moment, TISAX® distinguishes between two assessment levels (protection requirements): handling information with a “high” and a “very high” need for protection.

The two labels from current version 5 will soon become four labels in version 6 (see figure below), which has already been officially announced. The distinction between “high” and “very high” will remain. However, both levels will be available both for the aspect of “confidentiality” and for the aspect of “availability”.

In the end, there will be four new labels:

  • Confidential
  • High Availability
  • Strictly confidential
  • Very high availability

[Figure: New TISAX labels infographic]
Which requirements need to be met for the new labels for a certification on TISAX®?

The exact requirements and the questions with which they will be integrated into the VDA-ISA questionnaire have not been made public yet.

The ENX working group responsible for the updates is expected to present its proposals before the end of Q1 2023. These proposals will likely be reviewed during the summer and be adopted in Q3 2023 at the earliest or in Q1 2024. We thus do not expect the new version 6 of the ISA questionnaire to come into force before the end of 2023 or the beginning of 2024.

How and when will the new labels be available to organisations?

If the schedule given above is met, the new labels for a certification on TISAX® will not be issued until the end of 2023 or the beginning of 2024 at the earliest.

Good to know, however: Companies that are due for an audit for an assessment on TISAX® in 2024 may already register for the new assessment objectives in the ENX portal and thus prepare their organisation for the assessment.

Regarding the “How”, everything stays the same: organisations choose their assessment scope according to the requirements given by their customers from the automotive industry. The audit providers carry out the assessment just as before, the first step being the self-assessment according to the ISA questionnaire. Depending on the assessment level, answers are verified by the audit providers either remotely with plausibility checks or in person during on-site audits.

Do all organisations need to re-certify because of the new labels?

No, all certifications on TISAX® remain valid for three years regardless of the revisions made. Thus, there will be a transition period. As the ENX Association has announced, labels that have already been issued will be automatically upgraded during this period.

In other words: if you meet the criteria for “High information security” and your label is still valid for a longer period, the ENX portal will list you with both labels – i.e. with “High information security” and “High availability” – starting at the time the VDA-ISA 6 comes into force. The same applies to the label with the former protection level “Information security very high”. All those who have it will – for the time being – automatically be given the new label.

How can DataGuard support us with the new requirements for the assessment on TISAX®?

Our experts on the certification on TISAX® monitor the developments closely and are always up to date. As soon as any new information is made public, we will help you prepare for the basics of the assessments with the new questionnaire. Of course, we also support you when selecting your assessment scopes for 2024, with your registration with the ENX portal and meeting implementation deadlines issued by your customers.

Get in touch with our experts to find out more. We are happy to help.

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

 