TISAX Consulting Services – Automotive Information Security Assessment Support

If you supply to the automotive industry, you’ve likely been asked:

“Are you TISAX assessed?”

TISAX (Trusted Information Security Assessment Exchange) is the automotive industry’s standardized information security assessment mechanism, governed by the ENX Association and based on the VDA ISA catalog.

At Wintersmith Advisory, we help automotive suppliers achieve TISAX assessment readiness efficiently and without overengineering the system.

What Is TISAX?

TISAX is not a certification like ISO 27001.
It is a standardized assessment process recognized by major automotive OEMs including:

  • Volkswagen Group

  • BMW Group

  • Daimler

  • Porsche

  • Audi

  • And other global manufacturers

The assessment is conducted by ENX-approved assessment providers, and results are shared through the ENX portal.

TISAX is built on the VDA ISA (Information Security Assessment) catalog, which evaluates:

  • Information security controls

  • Prototype protection

  • Data protection and privacy

  • Supplier information security maturity

Who Needs TISAX?

You may require TISAX if you:

  • Provide components or software to automotive OEMs

  • Handle confidential OEM drawings or technical data

  • Process prototype information

  • Access development or production networks

  • Store or process sensitive supplier data

  • Have contractual TISAX requirements in your supplier agreements

TISAX is often mandatory for Tier 1 and Tier 2 suppliers.

TISAX Assessment Levels

TISAX defines different Assessment Levels (AL):

AL1 – Self-Assessment

Used for lower-risk information scenarios.

AL2 – Plausibility Check

Common for most suppliers handling confidential information.

AL3 – High Availability & Critical Systems

Required when handling highly sensitive data or critical prototype environments.

Most OEM requests require AL2 or AL3.

Our TISAX Consulting Approach

We support you through the full lifecycle — from scoping to ENX portal registration and assessment preparation.

1. Gap Assessment (VDA ISA-Based)

  • Review current ISMS controls

  • Evaluate security maturity

  • Identify control deficiencies

  • Deliver remediation roadmap

2. Implementation & Remediation

  • Develop or update ISMS documentation

  • Strengthen access control and network security

  • Establish risk management processes

  • Implement incident response procedures

  • Align HR security and supplier controls

3. ENX Portal & Scope Definition

  • Define assessment scope

  • Determine correct assessment level

  • Support ENX portal registration

  • Coordinate with approved assessment providers

4. Internal Audit & Pre-Assessment

  • Conduct mock assessment

  • Validate objective evidence

  • Identify remaining gaps

  • Prepare leadership and IT teams

TISAX vs ISO 27001

Many organizations ask whether ISO 27001 is enough.

While ISO 27001 provides a strong foundation, TISAX:

  • Uses the VDA ISA control structure

  • Has automotive-specific maturity expectations

  • Requires ENX-recognized assessment providers

  • Includes prototype protection modules

If you already have ISO 27001, TISAX implementation is significantly easier — but still requires alignment.

Common TISAX Gaps We Identify

  • Incomplete risk documentation

  • Weak supplier security controls

  • Insufficient evidence of control effectiveness

  • Lack of formal prototype handling procedures

  • Gaps in network segmentation

  • No structured vulnerability management program

We close these gaps with practical, auditable controls.

Benefits of TISAX Assessment

Achieving TISAX assessment readiness provides:

  • Eligibility to supply major automotive OEMs

  • Reduced customer security questionnaires

  • Stronger cybersecurity posture

  • Competitive advantage in automotive bids

  • Improved internal risk governance

For many suppliers, TISAX is not optional — it is a market access requirement.

Why Work With Wintersmith Advisory?

We specialize in structured management systems and risk frameworks.

Our background in:

  • ISO 27001

  • Enterprise risk management

  • Automotive supplier compliance

  • Regulatory system integration

allows us to build TISAX-aligned systems that are:

✔ Practical
✔ Evidence-driven
✔ Efficient
✔ Integrated into your existing management system

We don’t just help you pass the assessment — we help you build a defensible security framework.

Start Your TISAX Journey

Whether you need:

  • A VDA ISA gap assessment

  • Full TISAX implementation

  • ENX portal guidance

  • AL2 or AL3 preparation

  • Pre-assessment audit support

we can structure a clear roadmap and guide you through the process.

TISAX enables automotive trust.
We help you earn it.

Contact us.

info@wintersmithadvisory.com
(801) 558-3928