
TISAX Secure information exchange in the automotive industry

With our help, you will implement TISAX

  • Certificate with guaranteed certification
  • Fast implementation
  • Tailored to your company's needs
  • No unnecessary paperwork

Over 5,000 small, medium, and large companies have trusted us over 25 years.


Implementation Methodology

Discover our unique implementation methodology that guarantees successful certification.

1. Company Analysis
During the on-site audit, we review the processes in place within the client’s organisation. We assess the level of security required by the VDA standard and compliance with the requirements of clients in the automotive industry.

2. Project Security
We advise the client on best practices regarding the classification and security of projects. We recommend selecting the appropriate security level: AL 1, AL 2 or AL 3.

3. Information Security Policy
Together with the client, we define an information security strategy, taking into account business objectives and the requirements of clients in the automotive industry.

4. Organisational Context
We develop a procedure for the organisational context. We identify internal and external factors, as well as the needs and requirements of interested parties.

5. Risk/Opportunity Analysis
Based on an analysis of the company and risk management standards, we select a risk management methodology appropriate for the client. Together with the client, we conduct a risk and opportunity analysis for the client’s business processes.

6. Risk Treatment Plans
We discuss and develop, together with the client, a plan for dealing with unacceptable risks.

7. VDA Worksheet
We discuss and draw up a security policy. We help the client select the appropriate security measures for their organisation.

8. Security Procedures
We discuss and develop information security procedures, including:

  • access control,
  • rules for granting user permissions,
  • rules for the use of passwords in IT systems,
  • rules for using IT systems,
  • rules for remote working,
  • periodic review of access rights,
  • operation of systems and networks,
  • email accounts,
  • information security policies for email use,
  • management of removable media,
  • backups,
  • information handling policy,
  • information classification,
  • clean desk and screen policy,
  • incident management,
  • measurement of security effectiveness.

9. Business Continuity Plans
We discuss and develop business continuity plans with the client for their organisation in the event of a disaster.

10. Securing Prototypes
We develop procedures to secure physical and electronic prototypes, taking into account the client’s requirements and market standards.

11. Training
We provide training for the organisation’s staff on the requirements of ISO 27001:2023, the procedures implemented, the key principles of the information security management system, and training for internal auditors.

12. System Review
We conduct internal audits. We assist in developing information security objectives and in carrying out a management review.

13. Advisory Role
We help select a certification body and support you during the certification process.

What We Provide to Our Clients

  • Guarantee of obtaining certification
  • Development of all procedures and instructions
  • Fast and efficient implementation
  • Training confirmed with certificates

Information about the TISAX standard

Who is it for?

The TISAX information security assessment standard is intended for all companies in the automotive industry and their business partners. These include:

  • car manufacturers,
  • manufacturers of automotive components and parts,
  • IT service providers,
  • advertising agencies,
  • companies providing industry training,
  • research institutes.

Information about the standard

TISAX (Trusted Information Security Assessment Exchange) is an international standard for information security assessment in the automotive industry. It is based on the VDA ISA questionnaire, which was developed in accordance with the ISO 27001 standard. The TISAX model defines the conditions for maintaining the required level of confidentiality when exchanging information between entities involved in the automotive industry. TISAX guarantees a uniform level of data security.

Companies operating in the automotive sector must not only meet the highest standards of information security, but also need to continually demonstrate the quality of their standards when working with other companies. The basis for their assessment is the requirements developed by the German Association of the Automotive Industry (German: Verband der Automobilindustrie – VDA) and set out in the VDA ISA catalogue. These guidelines have long been the cornerstone of information security in the automotive industry. Until recently, however, VDA ISA audits were carried out at the request of a company interested in collaborating with a given entity. The consequence was that the entity was subjected to frequent inspections, which generated unnecessary time and financial costs. The TISAX standard, introduced by the VDA in 2018, was developed to standardise information security assessment mechanisms. This avoids a situation where each potential partner creates its own checklists. Currently, the TISAX model is used by hundreds of companies operating in the automotive industry across more than 40 countries.

The scope of the TISAX standard covers requirements relating to, amongst other things:

  • database encryption,
  • the use of two-factor authentication for systems processing sensitive data,
  • the physical protection of prototypes (including, for example, procedures governing visitor access to secure areas),
  • monitoring of KPIs in information security processes (e.g. access rights management),
  • restrictions on the use of cloud solutions for data storage (e.g. technical documentation).

TISAX audits are conducted by bodies accredited by the ENX Association. The audit may take the form of a document-based audit or an on-site audit. It focuses on the assessment of objective evidence whilst taking risk factors into account. Should non-compliance with the VDA ISA standard be detected, the audited entity is obliged to implement corrective measures. A positive TISAX audit result demonstrates that the company maintains a level of security management in its operations that meets the requirements of potential partners. A TISAX audit may be conducted independently or as part of the implementation of an information security management system compliant with ISO 27001.

Benefits of implementation

Currently, all major automotive groups require compliance with the VDA ISA standard. A company that has implemented this standard and undergone a TISAX audit demonstrates its reliability to existing and potential partners, thereby avoiding additional checks before entering into a partnership.

A company that has passed the TISAX audit gains:

  • a positive image in the eyes of business partners, customers and employees,
  • the opportunity to build a lasting, positive relationship with them,
  • a competitive advantage over other entities,
  • an improvement in overall working conditions and better communication within the supply chain.

Testimonials

See what our clients say about our implementations

Philips
"PHILIPS POLSKA SP. Z O.O., headquartered in Warsaw, is pleased to recommend the consulting services provided by DJB Doradztwo Marcin Chorąży.

The work carried out by DJB Doradztwo fully met our quality expectations. It was individually tailored to the needs and specific nature of our organization, as well as to the expectations we had defined. The consultant assigned to the project demonstrated the appropriate competencies and extensive knowledge of the ISO 9001:2015 standard, and was always available to offer help and advice whenever needed."
PHILIPS POLSKA SP. Z O.O.
Wojewódzki Specjalistyczny Szpital im. M. Pirogowa w Łodzi
On behalf of the Wojewódzki Specjalistyczny Szpital im. Pirogowa, I recommend DJB Doradztwo Marcin Chorąży as a firm that prepares organizations for the implementation of a Quality Management System in accordance with the requirements of the ISO 9001:2015 standard. We began our cooperation with DJB Doradztwo in 2017 and continue it to this day. The scope of our collaboration focused on issues related to the implementation of the system. The consultant working with our hospital demonstrated extensive subject matter expertise and conveyed a great deal of valuable information regarding the requirements of the standards, their application, and the principles of conducting the internal audit process in an accessible and engaging manner. In our opinion, DJB Doradztwo Marcin Chorąży is a reliable and highly recommended contractor for the implementation of the ISO 9001:2015 system.
Director of the M. Pirogov W.S.S. Roman Bocian, MD, PhD
CONTROL SYSTEM FMN Sp. z o.o. collaborated with DJB Doradztwo on the comprehensive adaptation of the ISO 9001:2009 system to the requirements of the new ISO 9001:2015 standard. DJB Doradztwo undertook to perform all necessary activities to enable our company to obtain the ISO 9001:2015 certificate, in particular: The employees of DJB Doradztwo performed their tasks in a professional manner. The company is characterized by timeliness and flexibility in problem-solving, as well as respect for the Client's interests.
The Director Bożena Zawalska
Urząd Lotnictwa Cywilnego is delighted to recommend the services of DJB Doradztwo Marcin Chorąży in the area of implementing the new ISO 9001:2015 quality management system standard. All of the consultant's activities were tailored to our specific needs and expectations. The consultant demonstrated extensive knowledge of the ISO 9001:2015 standard, which enabled him to suggest many valuable solutions. The documentation was prepared with care and precision. The training sessions conducted as part of the implementation were engaging and allowed us to gain a deeper understanding of the requirements of the new ISO 9001:2015 standard.
Director of the CEO's Office Magdalena Kapuśniak