
      The digital transformation and increasing connectivity are fundamentally changing the automotive industry - especially in the area of information security. At the same time, data-driven business models are creating considerable potential. In order to meet the associated requirements, the ENX Association has developed the Trusted Information Security Assessment Exchange (TISAX®) on behalf of the German Association of the Automotive Industry (VDA).

      What is TISAX®?

      TISAX® (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism for information security that is based on the VDA Information Security Assessment (ISA). The aim is to assess security requirements in a standardised manner and to exchange the results confidentially between partners, without the need for multiple assessments.

      Who needs a TISAX® label?

      A TISAX® label is a prerequisite for working with many OEMs (Original Equipment Manufacturers) and Tier 1 suppliers in the German and international automotive industry. It is increasingly becoming mandatory for:

      • Development service providers
      • Manufacturing trades
      • Manufacturing companies with prototype access
      • IT and cloud providers
      • Logistics service providers
      • Engineering offices and consultancies with OEM contact

      Small and medium-sized companies in the supply chain must also provide proof of TISAX® in order to remain able to deliver in the long term.

      KPMG approach

      How KPMG accompanies you on the way to the TISAX® label

      KPMG has been active since the start of TISAX® in 2017 and is one of the most experienced audit service providers in the German market. Drawing on extensive practical experience, KPMG accompanies you on your way to the TISAX® label in an efficient, transparent and future-oriented manner.

      Once you have chosen KPMG as your audit provider, the process is divided into three key phases:

      • Preparation & Self Assessment

        In preparation for the TISAX® assessment, you will be supported in carrying out a self-assessment based on the VDA ISA. The evidence you submit will be checked for plausibility and you will be prepared for the assessment.

      • Carrying out the TISAX® assessment

        We coordinate all processes relating to the audit, whether remote, on-site or hybrid. Our experienced teams are on hand to assist you with queries, document checks or coordination and ensure that everything runs smoothly during the TISAX® assessment.

      • Receipt of the TISAX® label

        If no deviations are found in the assessment, you will receive a complete results report and the TISAX® label will be published immediately.

      As an interdisciplinary firm, KPMG has in-depth expertise in the field of TISAX®. Thanks to our direct dialogue with the ENX Association and our many years of industry experience, we can provide you with competent and practical support while strictly observing the independence required by the regulatory authorities.

      Important: For reasons of independence, KPMG will either carry out the TISAX® assessment or accompany you as part of an advisory preparation.

      If there are any minor deviations, you will be supported in drawing up an action plan and accompanied until the successful follow-up assessment. During this time, a permanent TISAX® label will be issued with a reference to open measures. This ensures that you remain visible and operational for your partners.

      Further services

      Our extended consulting services around TISAX®

      The TISAX® team is anchored in our Cyber Security & Resilience Consulting division - an interdisciplinary team focussing on sustainable security architectures. This combines technical depth with regulatory understanding and enables us to provide not only audits but also advice if required.

      Our consulting services at a glance:

      • Readiness support, initial GAP analysis and maturity assessment
      • Targeted preparation for the assessment - individually and precisely tailored to your organisation
      • Support during the assessment process, including document review and action plan
      • Information security management system (ISMS) implementation in accordance with the VDA ISA 6 standard
      • Optimisation of your ISMS for sustainable security and future viability

      FAQ

      Is TISAX® the same as ISO/IEC 27001?

      TISAX® is closely modelled on the international standard ISO/IEC 27001, but supplements it with industry-specific requirements for the automotive industry, particularly in the areas of prototype protection, physical security and confidentiality.

      Companies that already operate an ISO/IEC 27001-certified information security management system (ISMS) have a very good basis, but targeted preparation for the TISAX® assessment is still necessary.


      Your advantages

      Why KPMG is the right partner for your TISAX® project:

      • Central contact point with global reach

        As the central point of contact for TISAX® in Germany, our customers benefit from a comprehensive network of experts and locations worldwide.

      • One-KPMG-Approach: Standardised. Secure. Reliable.

        Our audits and consulting services are carried out exclusively by our own internal teams, without outsourcing or subcontracting. This guarantees:

        • Uniform quality standards
        • Consistent communication and processes across all project phases
        • High level of confidentiality

      • Diversity of our customers - individuality of our solutions

        Whether automotive suppliers in the Tier 1 class, specialised development service providers or smaller companies from completely different sectors such as IT, logistics or catering: our broad customer portfolio shows that TISAX® has become the standard in many areas. Thanks to our expertise and experience, you benefit from customised solutions tailored to your industry, your structure and your specific security requirements.

      Your contact

      Marko Vogel

      Partner, Consulting – Cyber Security, Head of Cyber Security

      KPMG AG Wirtschaftsprüfungsgesellschaft