Trusted Information Security Assessment Exchange (TISAX)
In this article
The Trusted Information Security Assessment Exchange (TISAX) is administered by the ENX Association on behalf of the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA).
VDA developed an information security assessment (ISA) as a catalog of criteria for assessing information security. The VDA ISA is based on the ISO/IEC 27001 and ISO/IEC 27002 standards adapted to the automotive industry. In 2017, the VDA assessment was updated to cover controls for the use of cloud services.
VDA member companies used the ISA both for internal security assessments and for assessments of suppliers, service providers, and other partners that process sensitive information on their behalf. However, because these evaluations were handled individually by each company, they created a burden on partners and duplicated efforts on the part of VDA members.
To help streamline security evaluations, VDA set up TISAX, which is used by European automotive companies to provide a common information security assessment for internal analysis, evaluation of suppliers, and information exchange. The ENX Association is responsible for TISAX implementation - it accredits auditors, maintains the accreditation criteria and assessment requirements, and monitors the quality of implementation and assessment results.
The TISAX control scope is documented in the latest VDA ISA catalogue available from VDA Publications.
Azure and TISAX
An independent ENX-accredited auditor completed the TISAX assessment of Microsoft datacenter infrastructure regions against TISAX specifications and IT security requirements. These TISAX certified regions provide the physical infrastructure for Microsoft online services, including Azure, Dynamics 365, and Microsoft 365, that are described in the assessment report.
If you're an automotive company interested in cloud adoption, you can evaluate the Microsoft TISAX assessment to create cloud solutions that benefit from strong information security and data protection. You can use Azure and other Microsoft cloud services, and exchange data with suppliers who are also TISAX compliant.
TISAX Assessment Level 3 (AL3)
AL3 is required for data with a very high need for protection, such as data classified as strictly confidential or secret, data from crash test and flow simulations, and artificial intelligence (AI) systems. The corresponding audit for AL3 included a thorough verification of security processes, comprehensive onsite inspection, and in-person interviews. The following Microsoft regions have been verified for TISAX AL3 with data protection module:
|Brazil Northeast||Australia Central||Austria East|
|Brazil South||Australia Central 2||France Central|
|Brazil Southeast||Australia East||France South|
|Canada Central||Australia Southeast||Germany North|
|Canada East||Central India||Germany West Central|
|Central US||East Asia||North Europe|
|Central US EUAP||Japan East||North Europe 2|
|Chile Central||Japan West||Norway East|
|East US||Jio India Central||Norway West|
|East US 2||Jio India West||Qatar Central|
|East US 2 EUAP||Korea Central||South Africa North|
|East US STG||Korea South||South Africa West|
|North Central US||Korea South 2||Sweden Central|
|South Central US||South India||Sweden South|
|West Central US||Southeast Asia||Switzerland North|
|West US||West India||Switzerland West|
|West US 2||UAE Central|
|West US 3||UAE North|
EUAP = early updates access program; STG = staging environment
If you're an industry representative registered with ENX, you can find the TISAX assessment details on the ENX Portal. To access Microsoft assessment results:
- Sign in to your existing TISAX account and search for Microsoft
Alternatively, you may narrow your search using the following information:
- Microsoft Assessment ID: AP78YM-1
- Microsoft Assessment Level 3 (AL3) scope ID: SN2CV2
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- German Association of the Automotive Industry (Verband der Automobilindustrie, VDA)
- VDA Publications
- TISAX Frequently Asked Questions
- Azure ISO/IEC 27001 and ISO/IEC 27002 compliance