TISAX – the VDA standard for information security in the automotive industry


The Trusted Information Security Assessment Exchange “TISAX” was developed by the VDA in accordance with ISO 27001.

Service providers and suppliers of the automotive industry can prove their compliance with the TISAX catalogue of requirements by proving that they meet the high requirements of their clients with regard to security criteria.

The proof is to be provided every 3 years by participating in a TISAX procedure.


Level of maturity according to ISO/IEC 27001 in the automotive industry (source QSEC®)

QSEC® – TISAX and/or ISMS according to ISO 27001 for automobile industries

QSEC, the data protection, GRC and ISMS software has been implemented in the automotive industry since years and offers the best possible support in setting up and operating an information security management system according to ISO 27001/BSI standard and the automotive standard TISAX.
Furthermore, the data protection integrated in QSEC allows the implementation of all requirements from the GDPR and a separate data protection tool is no longer necessary.

Market leading automotive companies and automotive suppliers have already been successfully certified according to ISO 27001, VDA TISAX and VDA-PTS (prototype protection) using QSEC.
The use of QSEC supports the optimization of all security management processes through seamless process management with integrated workflow function.

Risks are reliably identified and evaluated so that measures can be efficiently derived and implemented. All information security processes are analyzed, processed and clearly managed in QSEC, including all associated documents. With a lot of content and integrated suggestions and sample documents, QSEC supports the security management process according to the TISAX specifications quickly and comprehensively. An always up-to-date historization and documentation is ensured and responsible persons are optimally supported in terms of human and financial resources.


Preparation of the audit, development and establishment of an ISMS

Additional benefits: QSEC has the advantage that the software can be used beyond data protection, ISMS and TISAX functionalities as an integrated management system for the management of many other norms and standards, such as anti-corruption management according to (ISO 37001) or quality management (ISO 9001) as well as IATF 16949.
The catalog entry and maintenance tool can also be used to easily include internal company standards or various other standards according to which testing is to be performed in QSEC.


References – Automotive (extract):

  • Küster Holding GmbH
  • ACPS Automotive GmbH
  • Volkswagen Osnabrück GmbH
  • Schröter Modell und Formenbau GmbH

References & case studies


QSEC Online-Demo