Information Security & TISAX®

Owned by Steffi Haas
Last updated: Jul 05, 2024
2 min read

What is TISAX®?

Trusted Information Security Assessment EXchange, short form TISAX®, is a standard for information security defined by the automotive industry.
A TISAX® certificate is the ticket for suppliers to enter the automotive industry: it is the basic requirement to be able to work with OEMs now and in the future.

Why do you need to provide proof of a valid TISAX® certificate to use the CSN service?

As part of the cooperation between specialist departments of Volkswagen AG and partner companies, it may be necessary for these partner companies to obtain access to business secrets (confidential or secret information) of Volkswagen AG or to require a technical connection to the Volkswagen network.

Negligent handling of such information in the infrastructure of a partner company can lead to disadvantages for Volkswagen AG, such as a reduction in competitiveness, a weakening of the information security level or a breach of legal or contractual regulations (e.g. an existing non-disclosure agreement). A potential data leak may result in unforeseeable consequences for the company.

A TISAX® certificate ensures that a partner company demonstrates an appropriate level of information security. This proof must be provided before the technical connection to the Volkswagen and/or Audi partner company network is implemented.

 

Why do you need to provide proof of a valid TISAX® certificate to use the CSN service?

As part of the cooperation between specialist departments of Volkswagen AG and partner companies, it may be necessary for these partner companies to obtain access to business secrets (confidential or secret information) of Volkswagen AG or to require a technical connection to the Volkswagen network.

Negligent handling of such information in the infrastructure of a partner company can lead to disadvantages for Volkswagen AG, such as a reduction in competitiveness, a weakening of the information security level or a breach of legal or contractual regulations (e.g. an existing non-disclosure agreement). A potential data leak may result in unforeseeable consequences for the company.

A TISAX® certificate ensures that a partner company demonstrates an appropriate level of information security. This proof must be provided before the technical connection to the Volkswagen and/or Audi partner company network is implemented.

 

Who assesses the protection needs of your company's information?

The commissioning department of the Volkswagen Group performs the data and information classification in accordance with the

  • the IT security rules and regulations of the Volkswagen Group and

  • the minimum requirements of the applications used in the collaboration with regard to the TISAX® label to be verified.

Depending on the sensitivity of the shared data and information, there are three different assessment levels that suppliers can undergo (confidential / high / very high).

These levels differ in the respective testing procedure and the intensity of the testing.
For the cooperation with the Volkswagen Group the assessment level 2 or 3 has to be proven. The decision is up to your responsible department as described above.

Is proof of a TISAX® label sufficient for the entire company?

No.
Each location of the company that receives data access must provide proof.

How long is the period of validity of the TISAX® label?

After successful completion, the certificate is valid for 3 years. There are no annual surveillance audits.

 

Further Links

ENX documents: Link
TISAX® participant manual: Link
Further information: Link
If you have any questions about the TISAX® process in the Volkswagen Group, please contact the Central Know-how Protection Service (CKPS): fremdfirmenabnahme@volkswagen.de

Telephone: 0800 5 877 877 (within Germany) / +49 375 6061 9904 (international)
Fax: +49 391 580 130 760
E-Mail: csn.service@o-s.de
Impressum: Link