HomeCompliance › TISAX

TISAX compliance software for automotive suppliers.

VDA ISA 6 control library with prototype-protection and data-protection overlays, OEM notification timers, sub-supplier flow-down, and an ENX-ready evidence pack you can hand the assessor. Built for tier-1, tier-2 and engineering suppliers across Europe.

Open the portal See pricing

What is TISAX?

TISAX (Trusted Information Security Assessment eXchange), operated by ENX on behalf of the German automotive association VDA, is the de-facto assessment scheme for European automotive supply-chain information security. The underlying catalogue is the VDA ISA. Most OEMs - Volkswagen, BMW, Mercedes-Benz, Stellantis, Ford-of-Europe - require an active TISAX label at the appropriate assessment level (AL2 or AL3) as a condition for awarding sensitive work.

Who needs to comply

  • Tier-1, tier-2 and tier-3 component suppliers
  • Engineering services suppliers (ESPs) and tooling vendors
  • Test centres handling prototype vehicles
  • SaaS vendors and IT-services suppliers serving the automotive sector

Key TISAX controls covered by Dazr

VDA ISA 6 control libraryPre-loaded controls across IS policies, HR, asset management, incident, supplier and prototype protection.
Prototype-protection registerZones, visitor flow, photo policy and public-road handling for prototype assets.
OEM notification timersIR runbook with the OEM-specific notification SLA wired in - usually 24 hours.
Sub-supplier flow-downTrack which sub-suppliers have an active TISAX label and at what level.
Awareness trainingAnnual e-learning + sector module for prototype handlers; >= 95% completion target.
ENX-ready evidence packRead-only assessor view + single-PDF export when the assessor arrives.

What auditors look for

An ENX assessor walks the VDA ISA controls, asks for prototype-protection evidence, samples your sub-supplier flow-down clauses and tests your IR runbook against the OEM-notification SLA. Dazr puts all of that in one workspace and tracks the recurring evidence between cycles.

How Dazr helps with TISAX

  • Hold the VDA ISA 6 control library with prototype and data-protection overlays
  • Track sub-supplier assessment status in the supplier register
  • Manage prototype zones, visitor briefings and photo policy as recurring tasks
  • Run TISAX alongside ISO 27001 and GDPR for evidence reuse
  • Hand the ENX assessor a read-only view or a single-PDF audit trail

Back to the full Dazr Compliance overview › | Sign up free ›

TISAX questions, answered.

What is TISAX?

TISAX (Trusted Information Security Assessment eXchange) is the automotive industry assessment scheme based on the VDA ISA catalogue. It is mandatory for most European OEMs as a condition for receiving sensitive information or prototype access.

How does TISAX relate to ISO 27001?

The VDA ISA catalogue is heavily aligned with ISO 27001/27002 plus automotive-specific overlays for prototype protection and data protection. If you are already certified to ISO 27001, the overlap is significant - enable both frameworks in one workspace and reuse evidence.

Do you support assessment level 2 and 3?

Yes. The Dazr control library covers VDA ISA 6 controls applicable at AL2 and AL3. Prototype-protection and data-protection overlays are flagged separately so you can scope to the labels your customers require.

Where is data hosted?

European Union only. AES-256-GCM at rest.

Ready to start your TISAX program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks