Long gone are the days when passenger cars were simple, mechanical structures. Today, a new passenger car contains up to 50-100 million (!) code lines, which can reach 300-650 million for some luxury cars. Many consider the world-famous Tesla cars 'four-wheeled computers' due to artificial intelligence, data collection, and on-the-fly software updates. 

At the same time, the increasing complexity of car manufacturing has brought new challenges: cybersecurity and information security management have become key issues. The security of data learned during production must be ensured. It has, therefore, become much more important that confidential data generated during the entire production cycle, especially by Tier 1 and 2 suppliers, is properly protected. It is in this context that TISAX, a new uniform information security standard, has been introduced. 

What is TISAX? 

TISAX (Trusted Information Security Assessment Exchange) is an information security assessment and exchange mechanism that allows mutual recognition of assessment results between participants. TISAX is a standard developed for automotive suppliers and service providers to protect confidential information. It adopts a maturity-based approach to information security assessment relevant to the automotive industry and creates a uniform level of security across the automotive industry, reducing costs and complexity for manufacturers and suppliers.  

TISAX is based on the key elements of the ISO/IEC 27001 Information Security Management System, supplemented with parts relevant to the automotive industry, and is based on the ISA (Information Security Assessment) questionnaire developed by the VDA (German Association of the Automotive Industry). 

Why is TISAX important? 

The importance of TISAX lies in the standardisation of information security in the automotive industry. It helps companies assess whether their security practices meet the standards expected by their business partners, thereby enhancing trust and efficiency. TISAX supports organisations in complying with legal requirements, ensuring that sensitive information is properly managed. 

From a Hungarian perspective, in a domestic automotive manufacturing industry that is intertwined with the German economy in a thousand different ways, obtaining TISAX is essential: without it, no supplier can do business with the European industry ecosystem.  

The TISAX certificate (label) enables companies to share their assessment results with their partners and suppliers and to build further trust in their activities. In addition, the certification standardises information security requirements in the automotive industry, reducing costs and complexity. 

TISAX and information security incidents 

Historically, the automotive industry has not placed much emphasis on cybersecurity. However, the digitalisation of the industry and the complexity of supply chains have made the industry extremely vulnerable to cyber threats. One of the objectives of TISAX is to prevent information security incidents and cyber-attacks and identify and manage risks.  

Is it a big issue? Well, it's getting bigger. A 2025 Global Automotive Cybersecurity Report by Upstream, the firm that deals with this issue, highlights alarming trends: cyber incidents increased by 39% in 2024, ransomware attacks have soared, and data leakage crimes are a concern for automotive industry players. 

It is easy to see that TISAX, with its uniform and high-level compliance requirements, aims to curb these trends. 

Preparing for the audit 

The TISAX audit and the road to it is a lengthy and highly skilled process. Understanding and adapting the requirements to the company's specificities, managing costs, regularly reviewing and improving processes, training staff, and monitoring changes to the TISAX framework can all present new challenges for an organisation implementing an information security management system or about to be audited. Ultimately, companies participating in an audit should achieve a rating of at least level 3 in the 0-5 range. 

The audit’s complexity can be illustrated by the detailed processes. These include the Assessment Objectives, which are key to the TISAX assessment. Here, the relevant requirements of the information security system are defined. At least one, and possibly more, should be selected (e.g. information security, high availability, prototype protection, data protection, etc.), depending on the organisation's business, the type of data it handles and its customer commitments. The selected objectives determine the overall audit assessment level (Assessment Levels). AL1 is used for internal self-assessment, while AL2 or AL3 is required to obtain the TISAX label. 

In most cases, this knowledge is unavailable in-house, and an external party, an interim manager, must be consulted. 

The role of the interim manager in preparing for TISAX 

Through their expertise, interim managers can help streamline the preparation process and ensure that organisations are adequately prepared to meet the TISAX certification requirements. 

A TISAX success story from Interim Ltd. 

What happens when a company's preparation or audit has been stalled for months, and internal communication breakdowns are making things difficult? Interim Ltd's specialists achieved significant results on day one, transforming processes and resulting in a successful audit despite the short timeframe. Read more about the case study here.