TISAX Review and Advisory
Over 150 automotive manufacturers and suppliers require TISAX from partners. We'll guide you through the entire process - from gap assessment to successful audit. Open doors to contracts with BMW, VW, Daimler and others.

What is TISAX Review and Advisory?
TISAX Review and Advisory guides automotive suppliers through the complete TISAX certification process — from gap analysis against the ISA Catalog to obtaining the Label on the ENX portal — required by 150+ OEMs and Tier 1 suppliers including BMW, VW, and Daimler. nFlo handles scope definition, Assessment Level determination (AL1–AL3), security control implementation, documentation, and audit support, typically completing the process in 3–6 months.
Without TISAX you won't supply German car manufacturers
Comprehensive TISAX audit preparation
- Gap Analysis: Compliance assessment with ISA Catalog and VDA-ISA
- Control Implementation: Implement missing security controls
- Audit Preparation: Support in TISAX certification process
Lost Contract with Tier 1 - Supplier Story
A Polish electronic components manufacturer lost a €5M contract with a German Tier 1 supplier. The reason? No TISAX certificate. A competitor from the Czech Republic that held the certificate won, despite an 8% higher price.
Without TISAX certificate:
- Exclusion from OEM tenders (BMW, VW, Daimler, Audi)
- Loss of contracts with Tier 1 suppliers working with automotive
- Need to undergo multiple audits from different customers
- No access to confidential technical and design data
From Gap Analysis to Label on ENX Portal
We don't leave you with a list of requirements to fulfill. We guide you through the entire process, from assessing the current state to obtaining the Label in the ENX system, which opens doors to the entire automotive industry.
What you get:
- Compliance assessment with ISA Catalog (Information Security Assessment)
- Required Assessment Level determination (AL1, AL2, AL3)
- Implementation plan for missing security controls
- Policy and procedure documentation compliant with VDA-ISA
- Evidence preparation for auditor
- Support during certification audit by accredited audit provider
- Assistance in obtaining TISAX Label in ENX portal
Key TISAX Implementation Areas
TISAX certification preparation requires a systematic approach across the three main assessment areas defined in the ISA Catalog (Information Security Assessment).
Information Security — covers 41 controls based on ISO 27001, extended with automotive-specific requirements. We implement information classification policies aligned with OEM confidentiality levels (e.g., “Streng vertraulich” for German manufacturers), access controls for design data, encrypted communication with supply chain partners, and mobile device and removable media management.
Prototype Protection — a critical area for suppliers handling test vehicles, pre-production components, or CAD data. We implement physical protection zones (cameras, access control, photography policies), prototype labeling and tracking procedures, and transport controls for sensitive components. This area requires both technical and physical security measures that go well beyond standard IT security.
Data Protection — we ensure GDPR compliance within the TISAX context, covering processing of employee and test driver data, data processing agreements with subcontractors, and data retention and deletion procedures. TISAX requires demonstrable GDPR compliance as a precondition for Label issuance.
For each area we build the complete documentation set required by the auditor: policies, operational procedures, registers, and implementation evidence. We also prepare your team for auditor interviews through mock audit sessions that simulate the actual Assessment process, identifying weak points before the formal audit begins.
Who Is It For?
This service is for you if:
- You supply components, software or services to the automotive industry
- Your customer requires a TISAX certificate as a condition of collaboration
- You want to open new markets in the automotive supply chain
- You need to prove secure management of OEM data and intellectual property
- You need one certificate accepted by multiple manufacturers
What is TISAX?
Trusted Information Security Assessment Exchange
TISAX is a common information security assessment mechanism in the automotive industry, managed by the ENX Association (European Network Exchange).
Assessment Levels:
| Level | Protection Need | Assessment Method |
|---|---|---|
| AL1 | Basic protection | Self-assessment |
| AL2 | Standard protection | 3rd party audit |
| AL3 | High protection | Extended audit + tests |
Assessment Areas:
- Information Security (ISO 27001 + automotive specifics)
- Prototype Protection
- Data Protection (GDPR compliance)

How we work
Our proven service delivery process.
- Scoping: Define scope and Assessment Level
- Gap Analysis: Compliance assessment against ISA Catalog requirements
- Remediation: Implement missing security controls
- Documentation: Prepare policies, procedures and evidence
- Audit Support: Support during certification audit
Benefits for your business
What you gain by choosing this service.
- Contract Access: Qualify for automotive OEM tenders
- One Certificate: Accepted by all manufacturers in the industry
- IP Protection: Secure customer data and intellectual property
- Predictable Process: Know what to do and when, with no surprises
Frequently Asked Questions
Common questions about TISAX Review and Advisory.
How long does it take to prepare for TISAX certification?
From gap analysis to obtaining the Label on the ENX portal typically takes 3-6 months, depending on the current compliance level and the required Assessment Level (AL2 or AL3).
What Assessment Level do I need - AL1, AL2 or AL3?
AL2 (audit by an accredited firm) is most commonly required by OEMs and Tier 1 suppliers. AL3 (extended audit + tests) applies to companies handling data of the highest confidentiality, e.g. prototypes. We help determine the appropriate level during the scoping phase.
Does TISAX replace ISO 27001 certification?
TISAX is based on ISO 27001, but extends it with requirements specific to the automotive industry - prototype protection and personal data. Having ISO 27001 significantly shortens TISAX preparation, but does not replace it.
Do you help with recertification after obtaining the Label?
Yes, the TISAX Label is valid for 3 years. We offer support in maintaining compliance and preparation for recertification, including review of changes to the ISA Catalog and documentation updates.