Support for TISAX® Certification

Pragmatic, structured, and customized support to help you obtain your TISAX® certification, regardless of your level of maturity, scope, or contractual deadlines. We adapt our approach to your specific situation—not the other way around.

Begin the process
100% Satisfaction
13 Reference systems
Over 200 certified clients
Man who works with cyber regulations

+ Over 200 companies have already placed their trust in us

Logo aniah
jamespot logo
Logo airon telematica
Logo seqino
SBS Interactive logo
auqfood logo
The Standard at a Glance

Understanding Certification TISAX®
and the implications for your business

TISAX® (Trusted Information Security Assessment Exchange) is a certification program developed specifically for the automotive industry. It ensures that a company properly protects the sensitive information exchanged with its partners, such as prototype designs, production data, and customer information.

Developed by the ENX association and aligned with ISO 27001, it meets the requirements of original equipment manufacturers (OEMs) and the entire supply chain. In practice,85% of automotive partners require the TISAX® certification to do business.

Unlike ISO 27001, TISAX® is not a certification. It is a label shared on a private platform, visible only to your authorized automotive partners.

Information security
Mandatory scope. Policies, access, cybersecurity, and vendors. ISO 27001 compliant.
Protection of Prototypes
For companies that handle classified customer parts or vehicles.
Data Protection
For subcontractors who process personal data.
VDA ISA 6.x · Certification administered by the ENX Association
3 Assessment Levels
8 VDA ISA Chapters
3 years Validity of the label
~70% ISO 27001 compliance
A TISAX® certification is shared via the ENX Portal and can be viewed by all clients in the industry, thereby avoiding redundant audits by individual OEMs.
Certification cycle
Scoping
Self-Assessment
ENX Audit
Label
Renewal
YOUR CHALLENGES

TISAX® certification:
is a complex undertaking without the right support

The TISAX® certification process requires your teams, processes, and documentation to be fully engaged over several months. Having expert guidance helps you move faster, avoid misalignment, and focus your efforts on what is actually required.

You don't know where to start

Scope, assessment level, maturity level, protection objectives: the initial decisions set the tone for the entire project. A poor initial scope definition will cost you weeks down the line.

Your teams don't have the time or the know-how

CISO, CIO, Quality, HR, IT, Executive Management: TISAX® involves multiple functions simultaneously. Without structured oversight, the project drags on and stalls internally.

You might end up doing too much or not enough

The real issue isn't about piling up paperwork. You need to put in place only what is necessary to meet requirements without creating a long-term burden on your organization.

The VDA ISA standard is demanding

Between evidence, policies, risk analysis, indicators, internal audits, and action plans, it’s easy to misinterpret the expected standard. Guidance ensures a clear understanding of the standards.

You must meet tight deadlines

When a client requires TISAX®, the timeline quickly becomes a key business consideration. Having support helps you structure a realistic project and stay on track.

The assessment is planned well in advance

Mock audits, addressing nonconformities, team preparation, management reviews: success is determined long before the official audit. This is often where experience makes all the difference.

FeelAgile turns these obstacles into manageable steps.

We help you define the scope of the project, prioritize tasks, and prepare your evaluation without overburdening your teams.

Talk to an expert →
Our solutions


Support tailored to your your level of maturity

Are you starting from scratch, or do you already have an ISO 27001 framework that you want to transition to TISAX®? We tailor our support to your specific situation.

Autonomous platform

Take controlof your TISAX® process. At yourown pace.

Access our GRC platform and a comprehensive TISAX® playbook to independently structure your compliance efforts. The tool provides the framework; you stay in control.

What you get:

TISAX Playbook: Step by Step
GRC platform to manage your initiative
Ready-to-use templates and documents
Supervised by a CSM and consultant
Ad hoc support as needed

Key benefits:

  • Go at your own pace
  • Optimize your costs
  • Develop your skills in-house
  • Easily maintain your certification
Read more

Expert guidance

An expert by your side. No blind spots.

Take advantage of a structured support program that combines consulting, training, and auditing to help you move faster, avoid critical mistakes, and feel confident on the day of your TISAX® audit.

What you get:

Initial assessment of your readiness
Compliance Workshops
Support with VDA ISA requirements
Training for Your Teams
Review and approval of your deliverables
Mock audit prior to the evaluation
Support through the final evaluation

Key benefits:

  • Get your project moving
  • Reduce the risk of failure
  • Be prepared on the day of the audit
  • Build your skills with our experts
Read more
Premium

Turnkey project

Leave it all to us. Get your certification.

We manage your entire TISAX process: from the initial scoping to certification. Your team can stay focused on its core business.

What you get:

Comprehensive project management
Dedicated project manager with weekly updates
Steering the WSIS
Drafting and organizing deliverables
Coordination of internal teams
Preparing for and taking the assessment
Support through the certification process

Key benefits:

  • Maximum time savings
  • Minimum internal load
  • End-to-end structured project
  • Certification goal achieved more quickly
Read more
FeelAgile expertise in action

Why choose
for your certificationTISAX® certification?

FeelAgile combines ISO 27001 expertise with in-depth knowledge of the VDA ISA. Our pragmatic approach, our mastery of the standards, and our tailored support make all the difference.
Expert guidance
With Feel Agile, you’ll receive reliable, practical, and results-driven support to ensure your certification and optimize your organization.

Consultants with expertise in the VDA ISA framework

Our experts understand the TISAX requirements from both perspectives: implementation and assessment. They anticipate what the ENX auditor will examine, identify risk areas before they become non-conformities, and prepare you to pass the audit with a genuine level of maturity.

A project manager who becomes a true internal team member

Your FeelAgile consultant does more than just provide advice. They become part of your team, understand your processes and culture, and serve as the driving force behind your certification.

A coherent multi-framework approach

ISO 27001, HDS, TISAX®, SOC 2, SecNumCloud, NIS 2. We develop information security management systems (ISMS) designed to meet multiple certification requirements simultaneously, thereby avoiding redundancies and unnecessary costs.

Leveraging Your Existing ISO 27001 Certification

If you’re already ISO 27001 certified, you’re already halfway there. We’ll map out the remaining 30% in detail—including prototype controls, automotive PII, and on-site protection—without making you start from scratch.

We know your industry and your clients

Automotive equipment manufacturers, subcontractors, IT service providers, and prototype data suppliers. Our experience spans the entire automotive ecosystem. No generic templates: we speak your industry’s language—and that of your customers—from the very first conversation.
Our Method

Each step is clearly defined, documented, and monitored using specific metrics. You always know where you stand.

YourTISAX® support
, in 4 steps

1

Assessment & Scope Definition

Assessment of your current level of readiness regarding VDA ISA requirements, definition of the scope of the assessment, and identification of the target level (AL1, AL2, or AL3). You’ll leave with a personalized, realistic roadmap aligned with your contractual deadlines.

⏱ 2 to 4 weeks
2

Gap Analysis & Remediation Plan

In-depth analysis of the VDA ISA requirements applicable to your scope, identification of non-conformities, and development of a prioritized remediation plan. Each deliverable is aligned with the ENX auditor’s evaluation criteria.

⏱ 1 to 2 months
3

Compliance & Maturity

Implementing security measures, drafting and approving policies and procedures, and training the teams involved. You build tangible evidence, not just superficial compliance.

⏱ 1 to 4 months
4

Preparation & Evaluation

A mock audit covering the entire scope, correction of any remaining non-conformities, followed by support during the official assessment by the ENX-accredited body. Once validated, your certification will be published on the ENX platform.

⏱ 2 to 4 weeks

FeelAgile, an expert incertification support

In addition to TISAX®, we cover all information security certifications

ISO 27001 logo
HDS logo
SECNUMCLOUD logo
SOC2 logo
GDPR logo
ISO 42001 logo
ISO 9001 logo
ISO 13485 logo
NIS2 logo
ISO 27018 logo
Talk to our experts about your needs
Read more
They trust us


Over 200 companies have obtained their certification with FeelAgile

Here’s what those who have experienced the program firsthand have to say.

★★★★★

"
We had very good support. Our quality system was very well studied by the project manager, which made the whole project easier."

Male image
Airon Telematica

Stefano FIORENTINI - CTO

★★★★★

"
Feel Agile has great process knowledge, a project plan with an efficient tempo and existing documentation material to save time."

Male image
Aniah

Mickaël KLAUS

★★★★★

"
Thanks to Feel Agile, we were able to obtain ISO 27001 certification without a single non-conformity, which is a rare achievement."

Profile photo Julien Caasagnabere
Val Solutions

Julien Cassagnabère -RSSI

FAQ

Frequently Asked Questions from Businesses About Support TISAX®

Everything You Need to Know AboutTISAX®

Who is TISAX intended for?

TISAX is intended for all suppliers and service providers in the automotive industry who handle confidential information on behalf of an automaker or supplier: design data, prototypes, production plans, end-customer personal data, and access to connected systems.

In practice, as soon as an OEM (Volkswagen, BMW, Mercedes, Stellantis, Renault, etc.) or a Tier 1 supplier requires TISAX compliance in its specifications, obtaining the certification becomes a prerequisite for continuing the business relationship.

What is the difference between TISAX and ISO 27001?

TISAX is based on the framework of ISO 27001 (ISMS, risk analysis, policies, technical controls) and covers approximately 70% of its requirements. The remaining 30% are specific to the automotive industry: protection of prototypes (secure areas, management of test vehicles), classification of information according to the VDA scheme, and enhanced requirements regarding subcontractor management and the protection of personal data.

TISAX issues a label, not a certificate. This label is published on the ENX portal and shared directly with your automotive customers, without the need to submit an audit report.

What is the VDA ISA questionnaire?

The VDA ISA (Information Security Assessment) is the framework published by the VDA that provides the structure for the TISAX assessment. It contains nearly 200 requirements divided into eight chapters covering security policy, asset management, human resources, physical security, operations, communications, software development, and supplier relations.

Each requirement is rated on a maturity scale from 0 to 5. An ENX auditor expects an average target score of around 3, with certain requirements specific to prototypes rated at 4 or 5 depending on the target AL level.

Which proficiency level should I choose: AL1, AL2, or AL3?

The level depends on the sensitivity of the data provided by your client. In most cases, your automotive client specifies this in their specifications.

AL1 — Data with limited sensitivity, self-assessment without an external auditor.
AL2 — Data requiring a high level of protection, remote audit by an accredited ENX auditor. This is the most frequently requested level.
AL3 — Highly sensitive data (prototypes, strategic designs), comprehensive on-site audit with a physical inspection of the premises.

When your client does not specify a specific level, it is recommended that you anticipate potentially higher requirements. Our first step with you is precisely to confirm this level before we begin.

How do I define the scope of my TISAX assessment?

The scope may cover a specific site (a factory, an office) or multiple sites. Two criteria are non-negotiable.

First, the scope must fall within the scope of your ISMS. Your ISMS may be broader than the TISAX scope, but the reverse is not possible.

Second, the scope must cover all sites that handle your clients’ information or prototypes that require TISAX certification, in order to fully meet their contractual requirements.

An ill-defined scope is one of the main causes of delays or failure during the evaluation. That is why we devote a specific step to this right from the start of the project.

What is ENX's role?

ENX (European Network Exchange) is the organization that manages and oversees the TISAX system. It has three main roles: providing the secure platform on which results are published and shared among companies; approving and monitoring accredited audit bodies; and ensuring the standardization and international recognition of assessments across the automotive industry.

Important note: ENX does not conduct audits. It oversees their regulation, quality, and recognition. The assessment is conducted by an ENX-accredited audit provider that is independent of your consultant.

How long does it take to obtain TISAX certification?

Between 3 and 9 months, depending on where you start.

If you already have an ISO 27001 ISMS in place: 3 to 5 months for gap analysis, updating automotive-specific controls, and assessment. Starting from scratch: 6 to 9 months, including a 2- to 3-month maturation period during which your ISMS must generate actual operational evidence.

The FeelAgile method is designed to meet the deadlines set by your clients, thanks to bi-monthly milestone tracking and a roadmap aligned with your contract date.

How much does a TISAX assessment cost?

The cost is broken down into three categories.

ENX Fees — Approximately €500 for portal registration fees.

Accredited ENX Auditor — Between €5,000 and €15,000 depending on the AL level and the scope of the audit. AL2 typically ranges from €8,000 to €10,000, while AL3 often exceeds €12,000.

FeelAgile Support — Costs vary depending on your initial readiness and scope. A provider with around 30 employees that is already ISO 27001-certified typically invests between €25,000 and €45,000. We provide a customized quote after the scoping phase.

Is ISO 27001 certification required before pursuing TISAX certification?

No, it’s not mandatory. If your company works exclusively in the automotive industry and no other sector requires ISO 27001, it makes perfect sense to aim directly for TISAX.

If you already have an ISO 27001 ISMS in place, this serves as a major accelerator: approximately 70% of the VDA ISA requirements are already covered. If you are aiming to comply with both standards, we recommend developing an integrated ISMS that meets the requirements of both simultaneously, thereby avoiding any duplication of documentation and unnecessary additional costs.

How long is the TISAX certification valid?

The TISAX certification is valid for three years and does not require a mandatory interim surveillance audit, unlike ISO 27001.

Please note, however: during the reassessment after three years, the ENX auditor expects your ISMS to have remained active (annual management reviews, internal audits, incident management, policy updates). Without active maintenance, the reassessment will turn into a complete rebuild.

FeelAgile offers support to help you maintain your certification, ensuring you meet your next deadline without any disruptions or internal overload.

Our articles

Want to learn more from our articles onTISAX®?

TISAX evaluation
Understanding TISAX certification
Read the article

Our experts will get back to you within 24 hours.

Do you have any questions? Would you like a quote for certification or support?

Over 200 companies trust us
jamespot logo
auqfood logo
SBS Interactive logo
Logo seqino
Logo aniah
Logo airon telematica
Join our newsletter
1 email/month

Cybersecurity tips, analyses and news delivered to your inbox every month! 

Services
Certification support
Compliance
Maintaining conformity
Support for ISO 27001 Certification
Support for ISO 9001 Certification
Support for ISO 42001 Certification
Solution (Oversecur)
The Oversecur tool
Offers
Training
GDPR
Information security
Health data
ISO 27001
ISO 9001
HDS
SECNUMCLOUD
Standards & Guidelines
ISO 9001
ISO 27001
HDS
ISO 42001
TISAX
SecNumCloud
SOC 2
NIS 2
GDPR
ISO 20000
ISO 13485
Resources
Blog posts
Manager's guide
Webinars & Events
Guides and Ebooks
ISO 27001 self-diagnosis
NIS 2 Self-Diagnosis
FeelAgile white logo
Logo afaq ISO 27001 Information security AFNOR CERTIFICATION.
qualiopi certified logo

©2026 FeelAgile

qualiopi certificate
Accessibility Policy
Privacy policy
Terms of use