TISAX – Security for the automotive industry

In this article you will read about,

• what's behind TISAX,
• what TISAX means for automotive companies
• and which TISAX protection levels are met by the Open Telekom Cloud.

"Do you have TISAX certification?" Companies that offer IT services, for example cloud services, to companies in the automotive environment can very quickly find themselves confronted with this question. 

Frequently, automotive companies require IT service providers - whether for a project-related or long-term collaboration - to have TISAX certification. This proves that various aspects of IT and data security are fulfilled. This is understandable, because data worthy of protection often plays an important role in the extensive supply chains of the automotive industry. This can be personal data such as the name of a recipient, but also intellectual property such as information from research and development that is exchanged between development partners.

TISAX stands for Trusted Information Security Assessment Exchange. The German Association of the Automotive Industry (VDA) first developed the industry-specific standard in 2017 together with the ENX Association. Version 5.0 was published in October 2020. A TISAX certificate ensures that the respective provider - which does not necessarily have to be an IT provider - has implemented security measures to guarantee confidential information and the secure exchange of data along the automotive supply chain. This is based on the requirements of the VDA-ISA (Information Security Assessment). This in turn is based on common international standards such as DIN ISO 27001. Depending on the level of requirements, the TISAX certificate is issued in four protection requirement levels.

At level 1 (Basic Protection), service providers guarantee basic IT security measures and compliance with general data protection conditions. At level 2 (Enhanced Protection), IT service providers must have implemented a comprehensive information security management system (ISMS). Level 3 (High Protection) also provides for risk management that offers robust controls for identifying, assessing, and addressing information security risks. Level 4 (Very High Protection) includes specific security requirements for critical infrastructure or particularly sensitive information.

For more information on TISAX, see the ENX Handbook. 

The Open Telekom Cloud was already certified in 2018, shortly after the introduction of TISAX, as part of a T-Systems-wide process and can therefore be used for automotive projects without any problems. In 2023, between January and June, DEKRA carried out a review and recertification according to TISAX. In the process, the Open Telekom Cloud team also decided to include the new Alsmeer and Almere sites in the certification. 

The Open Telekom Cloud thus also achieved protection level three for the Netherlands region, which corresponds to a high level of protection for sensitive data. The official entry of the Open Telekom Cloud can be found on the portal of the ENX Association, which acts as the central governance organization in the TISAX system, under the code P0R4YM. Interested parties can obtain the official DEKRA test report on request at service@open-telekom-cloud.com.

The TISAX certification proves that the Open Telekom Cloud protects its users in the automotive industry from data breaches, data leaks, cyber-attacks and industrial espionage, among other things, or minimizes the impact of such security incidents.

This means that automotive companies can now use services not only from the EU-DE region, but also from EU-NL to support their business processes. This can be useful to realize geo-redundancy or to ensure low latencies for services in the UK or Benelux.