Stay up to date

News, tips and hints from our TISAX® world

Do I need TISAX if I already have ISO 9001 or ISO 27001?

To provide an overview, the standards and mechanisms are briefly explained.


TISAX® (Trusted Information Security Assessment Exchange) is the automotive industry’s (VDA) response to the growing need for security among project partners regarding confidential information. It is a mechanism for testing and exchange to recognize results of information security tests in the automotive industry.

ISO 9001:

ISO 9001 is the international standard for quality management systems (QMS). QMS describes a collection of processes, guidelines, defined procedures and records. This collection of documentation defines a set of internal rules that determine how a company produces and delivers products or services to customers. The QMS should be tailored to the needs of your company and the products or services offered. The ISO 9001 standard provides a series of guidelines for this. These ensure that all the important features of a successful QMS are incorporated into your strategy.

ISO 27001:

The international standard ISO/IEC 27001 specifies the requirements for the establishment, implementation, maintenance and continuous improvement of a documented information security management system, taking into account the context of an organization. In addition, the standard contains requirements for the assessment and treatment of information security risks according to the individual needs of the company.

In short: ISO 27001 is an international and cross-industry standard in the field of information security.

And what exactly is the difference?

The most important aspect is that TISAX® is a specialized and automotive-specific standard for the exchange of information security assessment results. The tests are based on the VDA-ISA standard of the VDA, which in turn is based on parts of ISO 27001 and specifies areas in more detail. In addition, automotive industry-specific requirements, such as prototype protection, are amended. Its main use is to protect the information security systems of car manufacturers and their suppliers.

TISAX® or the VDA-ISA is an industry-specific standard, specifically for the automotive industry, and not, as with ISO 27001 and ISO 9001, an international, cross-industry standard.

However, ISO 9001 is a good starting point for TISAX®: once the basic principles, processes and regulations of the QMS have been defined, a quick and uncomplicated transition to the TISAX® assessmentcan take place. However, ISO 9001 cannot replace TISAX® under any circumstances.

Information security as the basis of the standard combines both ISO 27001 and TISAX®.

However, in contrast to the more general ISO/IEC 27001 standard, the VDA-ISA extends ISO 27001 to include industry-specific requirements for the automotive industry, such as prototype protection, third-party integration and data privacy.

Compared to ISO 27001, TISAX® has more and more specific scopes – also in the area of ISMS.

For all OEM suppliers – and that includes media agencies, printers, marketing companies, stand builders, photographers etc. who work with clients within the automotive industry – TISAX® is the standard used and necessary for your Competitive ability. In many cases, a TISAX® label is already required in the tender procedures.

We are happy to advise you nonobligatory in an initial consultation if you have any questions or doubts as to whether TISAX® is necessary for your company.