top of page
download (9).webp


The ISO 27001 international standard and the TISAX® mechanism define corporate information security management systems requirements.

  • ISO 27001 is an information management system that establishes general requirements for all companies.

  • TISAX® defines requirements specifically for suppliers in the automotive industry.


TISAX® is based on ISO 27001 and follows its main principles, but both standards are fully independent of one another and there are some differences.

  • TISAX® defines specifically what 'secure' means when applied to information in the automotive industry, whereas ISO 27001 is open to a certain degree of interpretation.

  • In addition, the assessment methodology is different as ISO 27001 requires an annual audit, whereas TISAX® requires one assessment, which is valid for three years.

  • In terms of conformance confirmation, ISO 27001 awards a certificate, whilst TISAX® awards a label.

  • Certification to ISO 27001 is achieved by meeting the requirements of the standard, whilst achieving a TISAX® label is based on meeting the requirements of the assessment objective in the VDA assessment catalog.

Anchor 1
download (10).webp




This information is an important part of their value creation.

They want to protect it appropriately. And they want to be sure that you are handling their information with the same due care.


But how can they be sure that their information is in good hands?

They can’t just “believe” you. Your client needs to see some proof.


Instead of creating an evidence-based solution each time, a standard method removes the burden of proof.

And whilst defining the standard is a huge effort to start, it brings continuous benefits.

This is what the Trusted Information Security Assessment Exchange brings.


download (3) (1).webp

TISAX® is globally recognized and is required to do business with all major German automotive players. All automotive suppliers and service providers who process sensitive information should use TISAX® to meet consumer and regulatory information security requirements.


Partner with us to develop, improve or audit your ISMS.

Let us train your teams.

download (2).webp

The TISAX® process usually starts with one of your partners requesting that you prove a defined level of information security management according to the requirements of the “Information Security Assessment” (ISA). To comply with the request, you need to complete the 3-step TISAX® process.

Anchor 2

 Our global network of expert information management professionals can guide you through the TISAX® process with training, pre-audits, and support.

Depending on your Assessment Level (based on the information types you hold), ENCONA’s Subject Matter Expert (SME) will investigate each item from the ENX questionnaire and assess the gaps, in preparation for the Self-Assessment or TISAX® audit:

  • The first step will be an inspection of the facility to assess the physical security of the facility (the gates, the fences, the access doors, the employee access management system, the visitor management system, the security procedures at the gates, windows, emergency procedures, fire protection procedures, and tools, the potential breaches that can be exploited by a potentially bad intentioned person, etc.

  • The SME will have meetings with the heads of the departments to discuss their impact on the TISAX® requirements, where they are now, and where they should be. During all these discussions open points will result that will be inserted in a List of Open Points. The ISR (Information Security Responsible) person from the company will take part in all these meetings.

  • If you require assistance with the Self-Assessment, based on the questionnaire provided by ENX, our SMEs are available to assist.

  • We will conduct a Closing “All Hands On Deck” Meeting, including your entire management team. All the open points will be discussed, and actions, deadlines, and responsible people will be defined.


Our audits are neutral, so they do not cause a conflict of interest or create a risk of internal or supplier technology leaks.

download (3).webp
Anchor 3

We are a leading provider of powerful professional training and development courses in the automotive industry.

public   |   in-house   |   in-person   |   online   |   instructor-led   |   self-paced

EAC ID70100 Introduction to TISAX®
A 1-day introductory course ideal for information security responsible personnel of the company and department managers including IT, HR, Quality, Engineering, Administration, and Logistics.

VDA ID510 TISAX® Assessment with VDA ISA
A detailed course for personnel who will complete a self-assessment of their company‘s information security in accordance with the VDA ISA, who are preparing for a TISAX® audit, or who would like to develop themselves further in information security.

download (9).webp


A modular approach.

1 day

3-5 days

Gap and Risk Analysis

1 day

Support in creating the Self Assessment

1 day

Creating the List of Open Points and the Risk report

5-10 days

Support in closing the Open Points – mainly creation of the documents

1 day

Review of the documentation before submitting to ENX

bottom of page