TISAX, a standard in the automotive industry

Based on the standard ISO 27001 and adapted to the requirements of the automotive field, the TISAX (Trusted Information Security Assessment Exchange) standard was developed by the VDA (Verband der Automobilindustrie, the German automotive industry association) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX).

The TISAX security audit standard allows the mutual acceptance of information security assessments (carried out by trusted and certified third parties) in the automotive industry and provides a common evaluation mechanism for professional exchanges. The TISAX standard is deployed by manufacturers such as Volkswagen, BMW, Audi, Porsche, Mercedes, Daimler. It is also used by equipment suppliers such as Continental, Bertrand, Bosch, Magna Steyr, to check their IT security.

The idea is to create added value to data exchanges between manufacturers and suppliers in order to reduce costs and save time. For instance, to what extent can a partner (a manufacturer) “trust” a supplier or another partner? And how will the confidential information be properly handled and protected?

To answer these questions, the TISAX assessment allows, based on objective criteria, to certify the implementation of security measures in relation to objectives. Thus, a “community” of TISAX-certified users can work together in a network and most importantly with complete trust.

The four main themes of the TISAX assessment are information security, connections to third parties, prototype manipulation and data protection.

In particular, the TISAX assessment ensures that an ISMS (Information Security Management System) is deployed and controlled (without the need to be ISO 27001 certified). The implementation of a thoughtful and structured ISMS already provides a guarantee of trust and quality.

As a software publisher, Systancia offers solutions that meet the security needs of any organization.

Systancia provides the new generation of application delivery infrastructure, focused on security and users. It is a known European player in the virtualization, cybersecurity and digital trust markets, and its product portfolio includes :

• Systancia Workplace, formerly AppliDis Fusion,  for application and desktop virtualization (VDI);
• Systancia Gate, formerly IPdiva Secure, for identification, authentication and access control;
• Systancia Cleanroom, formerly IPdiva Safe, for the monitoring of privileged users (PAM);
• Systancia Cleanroom, formerly IPdiva Cleanroom, for the separation between the administration environment and the usual environment;
• Avencis SSOX for unified authentication (SSO) and more secure connections to IS resources;
• Systancia Identity, formerly Avencis Hpliance, for identity and access management (IAM) to allow the organization modeling and the definition of automatic permission assignment rules.

Since 2018, all companies wishing to work for customers in the German automotive industry need a TISAX certificate. Systancia is able to provide the technological components to meet the technical needs required for the TISAX certification process.

Antoine COUTANT – Chief Cybersecurity Officer