Compliance Aspekte:
Win Trust with the TISAX Certification Tool

Book a Demo
TISAX Certification


Hosted in Germany

Trusted by

What is TISAX and How We Can Help?

TISAX, or Trusted Information Security Assessment Exchange, is an information security standard (ISA) for the automotive sector that was established by the VDA, Association of the Automotive Industry. The standard is based on the ISO/IEC 27001 and ISO/IEC 27002 standards adapted to the automotive business. Compliance Aspekte offers a software solution and consulting services for TISAX assessment that is flexible and adaptable to individual requirements, protection levels, and best practices.

Benefits of TISAX certification for your

Speak to our expert
  • Stand out as a reliable partner for OEM manufacturers and suppliers
  • Save time and budget by avoiding multiple information security assessments
  • Reduce risk with a risk management system
  • Facilitate collaboration and grow sales
  • Benefit from the unified standard for information security across the automotive industry
  • Conduct maturity assessment of the information security controls in the company.
  • Raise employees’ awareness about information security

Our TISAX Services: All-in-one Solution

TISAX Information Security
Management Tool

TISAX Information Security
Audit and Consulting


We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.

Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte.

Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.

One of the features we like best about Compliance Aspekte is its streamlined compliance process. The interface has a clean and structured design, ensuring usability and workflow speed. This not only results in a steep learning curve for new users but also lets experienced users minimize effort. At every stage during the security management lifecycle process, recurring tasks like scoping, structural analysis, modeling, and even tracking risks and controls are supported by a variety of features, e.g. mapping controls with multiple requirements, assigning individual assets to different scopes as well as expanding requirement and control catalogs. On top of that, the performance of the platform is great - it is stable and good in terms of speed efficiency. Having Helga, the compliance assistance bot, is also a very special plus as she can explain terms and provides guidance through the application. We really love and live Compliance Aspekte!

Florian Süß
Senior Information Security Consultant at DATA SYSTEMS GmbH

Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.

As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Compliance Aspekte to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.

Dr. Eckehardt S.
Deputy Director
Book a call

Enjoy the TISAX VDA EXCEL-like Dashboards

TISAX tool

The target maturity levels per chapter are visualized by the green line.

To prepare for a TISAX assessment, your maturity levels in the blue section should be by or above this line.

Your organization is ready for the TISAX assessment if your result score (“Result with cutback to target maturity levels”) is close to ‘3.0’.

For the TISAX certification, you need to conduct a self-assessment based on the ISA by finding out whether your ISMS matches the expected maturity level in the “Information Security Assessment” tabs.

Compliance Aspekte dashboard rates the maturity level of your information security management system per question.


Closer Look at How TISAX Assessment Works?

ISA incorporates significant aspects of ISO 27001 with additional criteria applicable to the automotive industry, i.e., prototype protection. The assessments are shared on the TISAX VDA ISA catalog, granting transparency and simplicity to all the companies involved. They can select an audit provider and get standardized ISA results that other participants in the automotive industry accept.

TISAX Assessment Levels and Protection Needs

TISAX defines three assessment levels and three levels of protection: normal, high, and very high.

TISAX assessment level 1 – normal protection need. It is not used in TISAX but can be implemented for internal purposes in the true sense of a self-assessment. An assessor checks if a completed self-assessment exists but does not examine its content. Can be requested by your partner for a self-evaluation outside of TISAX.

TISAX Assessment level 2 – high protection need. Evaluation is carried out by an audit organization with the self-assessment as a basis, documents, and a phone interview.

TISAX level 3 – a very high protection need. An independent audit company does the assessment based on documentation and an onsite audit.

5 Steps to Get TISAX Certified

Die Edition 2022 des IT-Grundschutz-Kompendiums enthält insgesamt 104 BSI IT-Grundschutz-Bausteine. Darunter sind 7 neue IT-Grundschutz-Bausteine sowie die 97 Bausteine aus der Edition 2021, von denen 16 Bausteine für die Edition 2022 überarbeitet wurden.
Get to know the TISAX requirements.
Get ready
To gain access to the TISAX portal, companies need to register as participants on the official TISAX ENX association website. Choose your auditing body and prepare for the audit. Conduct a self-assessment to measure your compliance and readiness.
The way an audit is conducted depends on whether you qualify for a Level 2 or Level 3 assessment. Level 2 audits are done remotely, while Level 3 audits require onsite inspections. The audit consists of a document review, interviews, clarification of possible findings, and may include the following steps.
Share your results
After you decide which ENX participants to share your ISA results with, the audit provider will upload a TISAX report to the platform.
A corrective action plan (CAP) must be prepared and submitted to the audit provider to resolve gaps revealed during the assessment. Afterward, the CAP is evaluated through a follow-up and completes the TISAX report.

Simplify your TISAX Compliance with Compliance Aspekte

Compliance Aspekte supports VDA Information Security Assessment based on VDA ISA catalog version 5.0.
  • The new catalog is fully implemented in Compliance Aspekte and is easy to work with. It contains the requirements from the spreadsheets “Information security,“ “Data protection“ and “Prototype protection” grouped in corresponding modules. Each requirement/control question is assessed by assigning levels of maturity.
  • The TISAX requirements are displayed granularly and can be assessed separately. This helps to make the evaluation easier and more transparent, and crucially simplifies the decision-making process regarding the maturity level.
  • The criticality of each requirement (must, should, high) and its implementation status is visible. This feature makes it much easier to answer the control question if you see that e.g., all related requirements are implemented. You can go into details and see further information on the requirement, such as a responsible person, documents and tasks assigned, and individually added information. The implementation of requirements can be supported by the creation of corresponding tasks or by adding individual controls. You also have the possibility to conduct a self-assessment.
  • The assessment results of each topic can be seen on a dashboard. This way you always know at what point you are now.
  • Compliance Aspekte allows you to succeed in TISAX assessments in one place and track progress easily.
  • Our TISAX tool also supports a PDCA cycle, so it can help get certified and continuously improve your ISMS.
  • One solution for all standards: with Compliance Aspekte it’s possible to manage multiple standards within a single system, and thus share the efforts, and understand dependencies, current statuses, and other aspects.


Release 9.0
November 16, 2022
Release 9.0

With changing the product name, our team, service, and solid commitment to providing you with the best governance, risk, and compliance software remain unchanged.

Infopulse Standards Compliance Manager Changes Name to Compliance Aspekte
October 28, 2022
Infopulse Standards Compliance Manager Changes Name to Compliance Aspekte

Infopulse Standards Compliance Manager becomes Compliance Aspekte. As part of the latest 9.0 release, the compliance tool received a brand makeover.

Difference Between Data Protection and Data Security
October 5, 2022
Difference Between Data Protection and Data Security

Data lies at the core of every business. It drives decision-making, identifies opportunities, and pinpoints underperforming areas. At the same time, companies accumulate enormous information that can easily become a target point for cyber-criminals.

How Small Businesses Can Solve Compliance Challenges and Which Tools to Use
September 19, 2022
How Small Businesses Can Solve Compliance Challenges and Which Tools to Use

With the fast digital transformation, almost every facet of the business, including compliance, has been impacted. Digitizing compliance and enabling digital record keeping has become a requirement.

Compliance is challenging. There are numerous obstacles to an organization’s compliance. Non-compliance can lead to huge fines or, in the worst-case scenario, the company being forced to close.

Infopulse SCM 8.6: Automatic Migration to IT-Grundschutz 2022 & Powered up Usability
June 14, 2022
Infopulse SCM 8.6: Automatic Migration to IT-Grundschutz 2022 & Powered up Usability

Infopulse SCM 8.6 is out now! Take full advantage of automatic migration to IT-Grundschutz 2022, the import to/from Excel feature, Asset type and protection needs inheritance.


Try for free

Benefit of free usage of the Compliance Aspekte for 3 months to find out how the solution can optimize and streamline your compliance management.

    What Standards are you interested in?

    I have read the privacy policy and agree.

    Sign up for our newsletter

      The abbreviation stands for Trusted Information Security Assessment Exchange. It’s an industry-specific information security standard for the automotive sector managed by the ENX association on behalf of the VDA or the German Automobile Industry Association.

      TISAX is based on the essential requirements of ISO 27001, the internationally recognized standard for information security, and adapted solely for the automotive sector. ISO 27001 is applicable across all industries and depicts requirements, rules, and methods for ensuring information security within a company.
      TISAX is not an obligatory certification. However, it is required and recognized by all the German Automotive Industry Association (VDA) members and original equipment manufacturers such as BMW, Audi, and Volkswagen. Therefore, the TISAX certification is recommended for companies that want to operate in the automotive sector successfully.
      This standard is a trademark of the ENX Association based in Frankfurt am Main, Germany, and Paris, France. It includes automobile manufacturers, suppliers, and other national automotive associations. The main objective of the ENX Association is to facilitate and streamline secure and reliable collaboration over industrial value-added networks. That's why it scrutinizes the quality of the implementation and gives approval to assessment service providers according to a rigorous procedure.
      Here are a few reasons why a software tool might be better for TISAX compliance management:

    • Excel might be a cumbersome tool for handling data protection, governance, and risk management. It does not provide a bird’s-eye view of all your compliance activities in your organization as spreadsheets require a lot of manual input and usually exist in silos apart from one another.
    • Using Excel you should manually make changes in several places as they are not automatically embedded.
    • Excel spreadsheets are not secure. They can be located in different shared folders, and multiple people can access and use them.
    • It’s almost impossible to work in Excel conveniently when multiple people are involved.

      With a special compliance tool in place, you will be spared all the inconveniences and multiple issues you have when working with Excel.
    • The TISAX standard takes its origin from ISO 27001. It also uses ISO 27001 information security controls that define how requirements must be implemented.
      First and foremost, TISAX provides you with better information security and transparency. This certification is recognized by world-famous automotive companies such as Volkswagen, BMW, and Audi.
      Sure. We have the necessary knowledge of the automotive industry and hands-on experience in ISMS implementation. In addition to our TISAX certification tool, our authorized ISMS experts will accurately assess your company’s level of preparedness for an official TISAX assessment.
      Compliance AI bot