Tisax Technical Guide

Mar. 22 2019

TISAX stands for Trusted Information Security Assessment Exchange. Based on ISO 27001, the standard provides automotive industry players with a robust approach to managing information security systems.

Tisax Technical Guide

By certifying to TISAX you will demonstrate your company's commitment to information security and secure data handling. TISAX assessment helps to meet information security requirements defined by VDA (Verband der Automobilindustrie - the German Association of the Automotive Industry) in order to minimize the risk of data breach. 

TISAX Certificate is recognized by all TISAX Board Members which include German OEMs and the most important automotive Tier 1 suppliers. The certificate validity is 3 years with a starting temporary period of 6 months after the audit.

In our service sheet you will read about:

•    The business challenge of securing data in the automotive industry
•    What is TISAX
•    How TISAX works
•    3 key benefits of TISAX
•    Why you should be assessed against TISAX
•    The scope of TISAX
•    TISAX in relation to ISO 27001


Your personal data are collected by Bureau Veritas Services, simplified joint-stock company, having its registered office at 8 Cours du Triangle, 92800 PUTEAUX, France, and are subject to computer processing in order to respond to questions from the media about the Group or its subsidiaries on the basis of your consent, and to respond to customer complaints, on the basis of the service contract that you have entered into with a subsidiary of Bureau Veritas.

Your personal data are intended for the Certification service line or the Quality, Health & Safety and Environment department of the Bureau Veritas Group, depending on the nature of your request, and for their service providers, providing consulting and technical services as well as for the Bureau Veritas IT department. They will be retained for a period of one year for media requests and ten years for customer complaints from your request.

Your personal data can be transferred outside the European Union, in countries where Bureau Veritas subsidiaries operate, on the basis of standard contractual clauses established by the European Commission, available on request, by writing to: https://personaldataprotection.bureauveritas.com.

Fields marked with an asterisk must be filled in. Otherwise, Bureau Veritas Services would not be able to answer your questions and/or complaints.

In accordance with the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation of 27 April 2016, you have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by connecting to the site https://personaldataprotection.bureauveritas.com and unchecking the box dedicated to the collection of your consent. You also have the right to set out general and specific guidelines that define how you intend these rights to be exercised after your death. You can exercise your rights online to lodge a complaint to the Commission Nationale Informatique et Libertés (CNIL) in France or the relevant authorities in your country.