Trusted Information Security Assessment Exchange (TISAX)

TISAX is originated from the internal information security audits of German automotive OEMs for its suppliers in order to evaluate an adequate level of information security within the entire automotive supply chain. It has been gradually expanded to German automotive industry through VDA (providing the information security standards) & ENX (providing the platform for the TISAX registration, Label exchange and accreditation for the TISAX audit providers) and has established a common assessment and exchange mechanism for evaluating supplier’s information security capabilities. TISAX and the corresponding information security assessment were introduced in 2017 and became mandatory for automotive suppliers. Automotive suppliers (providing parts, components, services etc.) must implement and maintain an Information Security Management System (ISMS), afterwards pass the corresponding level of TISAX audit in order to further be contracted by an OEM and/or enter the German automotive market.

KPMG AG Wirtschaftsprüfungsgesellschaft, as an ENX accredited TISAX audit service provider, enjoys good reputation globally with professional audit experience. KPMG China strictly follows our global cyber service standard and internal TISAX audit process who can provide one-stop service to Chinese clients. Due to the mutual teamwork of the German and Chinese KPMG TISAX professionals, the service carried out by KPMG minimises communication costs, audit cycles and increases efficiency in the entire audit process include achieving the TISAX label. We are also able to provide customised services according to the needs of clients.

The participants within the TISAX process are in general classical parts and/or components manufacturer on domestic and multinational companies. The locations which are subject to a TISAX audit include R&D centers, Headquarters, office locations, laboratories as well as production factories and test areas.

As the car itself evolves to become more climate efficient and digital, companies in the field of new energy vehicles, mobile internet and autonomous driving with its corresponding technical R&D as well as related services became also an indispensable part of the automotive supply chain. Many more well know tech giants as well as highly innovative start-ups started their TISAX journey.

Furthermore, companies engaging in market research and/or customer centric services (like research agencies) as well as companies providing supporting ICT services (including system operation, mail services, cloud services etc.) also needs to provide a valid TISAX label to its OEM-clients and/or automotive clients.