Digital transformation and increasing connectivity are fundamentally changing the automotive industry—especially in the area of information security. At the same time, data-driven business models are creating considerable potential. To meet the associated requirements, the ENX Association has developed the Trusted Information Security Assessment Exchange (TISAX®) on behalf of the German Association of the Automotive Industry (VDA).
What is TISAX®?
TISAX® (Trusted Information Security Assessment Exchange) is an information security assessment and exchange mechanism based on the VDA Information Security Assessment (ISA). Its aim is to evaluate security requirements in a uniform manner and to let partners exchange the results in a trustworthy manner, so that multiple assessments are not needed.
Who needs a TISAX® label?
A TISAX® label is a prerequisite for working with many OEMs (original equipment manufacturers) and Tier 1 suppliers in the German and international automotive industry. It is increasingly becoming mandatory for:
- Development service providers
- Manufacturing companies
- Manufacturing companies with access to prototypes
- IT and cloud providers
- Logistics service providers
- Engineering firms and consultancies with OEM contact
Small and medium-sized enterprises in the supply chain must also provide TISAX® certification in order to remain capable of delivering in the long term.
KPMG approach
How KPMG supports you on your way to obtaining the TISAX® label
KPMG has been active since the launch of TISAX® in 2017 and is one of the most experienced audit service providers in the German market. With comprehensive practical experience, we will accompany you efficiently, transparently, and with a forward-looking approach on your path to obtaining the TISAX® label.
Once you have chosen KPMG as your audit provider, the process is divided into three key phases:
1. Preparation & Self Assessment
In preparation for the TISAX® assessment, you will be guided through a self-assessment based on the VDA ISA. The evidence you submit will be checked for plausibility and you will be prepared for the audit.
2. Conducting the TISAX® assessment
We coordinate all audit-related processes, whether remote, on-site, or hybrid. Our experienced teams are available to assist you with any questions, document reviews, or coordination, ensuring that the TISAX® assessment runs smoothly.
3. Obtaining the TISAX® label
If no deviations are found in the assessment, you will receive a complete results report and the TISAX® label will be published immediately.
As an interdisciplinary firm, KPMG has in-depth expertise in the field of TISAX®. Thanks to our direct exchange with the ENX Association and our many years of industry experience, you will receive competent and practical support in strict compliance with the regulatory requirements for independence.
Important: For reasons of independence, KPMG will either carry out the TISAX® assessment or provide you with advisory support during your preparations.
If minor deviations occur, you will be supported in drawing up an action plan and accompanied until the follow-up assessment is successfully completed. During this time, a permanent TISAX® label will be issued with a note on outstanding measures. This ensures that you remain visible and operational for your partners.
Additional services
Our expanded consulting services for TISAX®
The TISAX® team is part of our Consulting Cyber Security & Resilience division, an interdisciplinary team focused on sustainable security architectures. The team combines technical depth with regulatory understanding, enabling us to offer not only testing but also consulting services as needed.
Our consulting services at a glance:
- Readiness support, initial gap analysis, and maturity assessment
- Targeted preparation for the assessment—tailored to your organization's specific needs
- Support during the audit process, including document review and action plan
- Information security management system (ISMS) implementation in accordance with the VDA-ISA-6 standard
- Optimization of your ISMS for sustainable security and future viability
Your advantages
Why KPMG is the right partner for your TISAX® project:
Central point of contact with global reach
With us as the central point of contact for TISAX® in Germany, our customers benefit from a comprehensive network of experts and locations worldwide.
One KPMG approach: Consistent. Secure. Reliable.
Our audits and consulting services are carried out exclusively by our own internal teams without outsourcing or subcontracting. This guarantees:
- Uniform quality standards
- Consistent communication and processes across all project phases
- A high degree of confidentiality
Diversity of our customers – individuality of our solutions
Whether Tier 1 automotive suppliers, specialized development service providers, or smaller companies from completely different sectors such as IT, logistics, or catering: our broad customer portfolio shows that TISAX® has become the standard in many areas. Thanks to our expertise and experience, you benefit from solutions tailored to your industry, your structure, and your specific security requirements.
Frequently asked questions
Is TISAX® similar to ISO/IEC 27001?
TISAX® is closely based on the international standard ISO/IEC 27001, but supplements it with industry-specific requirements for the automotive industry, particularly in the areas of prototype protection, physical security, and confidentiality.
Companies that already operate an ISO/IEC 27001-certified information security management system (ISMS) have a very good foundation, but targeted preparation for the TISAX® assessment is still necessary.