Glossary term
TISAX
Also: Trusted Information Security Assessment Exchange
Audit standard and exchange platform of the German automotive association (VDA) for information security. The ISA catalogue is the assessment grid; ENX operates the platform.
TISAX is mandatory for suppliers processing OEM data (Volkswagen, BMW, Mercedes, Audi, Porsche, Stellantis). Levels: TISAX label high, very high, special requirements (prototype protection, data protection, connectivity).
Validity 3 years. Audits by accredited providers, results exchanged anonymously via the ENX platform. Avoids sending separate audit reports to each customer.
TISAX is de facto mandatory in German mechanical engineering and automotive. Without a TISAX label, no OEM contract. Initial certification effort typically 6-12 months.
Related terms
ISO 27001
International standard for information security management systems. Current version ISO/IEC 27001:20…
Supply Chain Risk
Risks from the software and hardware supply chain: compromised open-source packages, build-pipeline …
TCO modelling
A structured estimate of the full lifetime cost of a vendor decision, including licence, implementat…
TIA
Assessment of the protection level in the recipient country for data transfers to third countries af…
TPRM
Discipline and tool category for governing risks from external providers (SaaS, cloud, outsourcing, …
Trade-off analysis
The explicit documentation of what each option gives up to deliver its strengths. Good trade-off ana…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
