Trusted Information Security Assessment Exchange
Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for the information security of enterprises, developed by the ENX Association[1] and published by the Verband der Automobilindustrie (German Association of the Automotive Industry or VDA). TISAX concerns the secure processing of information from business partners, the protection of prototypes and data protection in accordance with the General Data Protection Regulation (GDPR) for potential business transactions between automobile manufacturers and their service providers or suppliers. The VDA established TISAX in 2017 together with the ENX Association.[2]
Tests according to TISAX, especially for service providers and suppliers, are carried out by "TISAX test service providers". The ENX Association acts as a governance organization in the system. It approves the testing service providers and monitors the quality of the execution and the assessment results. This is to ensure that both the results at the end correspond to a desired quality and objectivity, and that the rights and obligations of the participants are safeguarded. This allows a company to decide whether the resulting maturity level of the supplier (service providers and suppliers) meets the requirements of the buyer.
The testing requirements have been revised several times. In October 2020, the status 5.0 was published. Backgrounds, areas of application, execution processes and testing requirements are summarized in a manual.[1]
GitHub is a participant in TISAX with an Assessment Level 2 (AL2) label in the ENX Portal.[3]
References
[edit]- ^ a b Pravitz, Sven. "Das Wichtigste zum Tisax-Update". Automobil Industrie. Retrieved 29 November 2022.
- ^ Otto, Christian. "TISAX: Zertifiziert oder außen vor". Automobil Industrie. Retrieved 29 November 2022.
- ^ "Announcing TISAX for GitHub · GitHub Changelog". The GitHub Blog. 1 October 2024. Retrieved 2 October 2024.