TISAX measureswhat really protectsyour supply chain.

OEMs require TISAX labels from their suppliers as a precondition for collaboration on sensitive data, prototypes and proprietary technology. The assessment is run by ENX-accredited audit providers against the VDA ISA control catalogue. Labels and assessment levels (AL1 – AL3) are tailored to the sensitivity of the data exchanged. AL3 in particular demands rigorous technical and physical controls – and is where pentest evidence pays off.

1. PILLAR · 01

   Information Security (AL1 – AL3)

   The core information-security label, scaled by assessment level. We test the technical controls behind the VDA ISA chapters – from access controls and cryptography to logging and incident detection.

2. PILLAR · 02

   Prototype Protection

   Prototypes, components and test vehicles fall under additional, often physical-IT-blended controls. We assess segregation, access, surveillance and the IT infrastructure of prototype handling areas in close coordination with the audit provider.

3. PILLAR · 03

   Data Protection (GDPR-aligned)

   Where the data-protection label is in scope, technical and organisational measures must demonstrably cover the requirements of GDPR Art. 32. We provide the testing and assessment of effectiveness that the clause explicitly demands.

• 01

  Technical assessment of VDA ISA controls in scope

• 02

  Prototype-protection test against the additional control set

• 03

  Findings and remediation aligned with the audit provider's expectations

• 04

  Retest evidence to close gaps before label issuance