Open Telekom Cloud for Business Customers

TISAX – Security for the automotive industry

by Artur Ivlevs, Product Manager at T-Systems
Digital representation of a castle with ISAX logo and Dutch flag
TISAX stands for Trusted Information Security Assessment Exchange. 
 

In this article you will read about,

  • what's behind TISAX,
  • what TISAX means for automotive companies
  • and which TISAX protection levels are met by the Open Telekom Cloud.


"Do you have TISAX certification?" Companies that offer IT services, for example cloud services, to companies in the automotive environment can very quickly find themselves confronted with this question. 

Frequently, automotive companies require IT service providers - whether for a project-related or long-term collaboration - to have TISAX certification. This proves that various aspects of IT and data security are fulfilled. This is understandable, because data worthy of protection often plays an important role in the extensive supply chains of the automotive industry. This can be personal data such as the name of a recipient, but also intellectual property such as information from research and development that is exchanged between development partners.

What is TISAX?

TISAX stands for Trusted Information Security Assessment Exchange. The German Association of the Automotive Industry (VDA) first developed the industry-specific standard in 2017 together with the ENX Association. Version 5.0 was published in October 2020. A TISAX certificate ensures that the respective provider - which does not necessarily have to be an IT provider - has implemented security measures to guarantee confidential information and the secure exchange of data along the automotive supply chain. This is based on the requirements of the VDA-ISA (Information Security Assessment). This in turn is based on common international standards such as DIN ISO 27001. Depending on the level of requirements, the TISAX certificate is issued in four protection requirement levels.

TISAX protection requirement levels

At level 1 (Basic Protection), service providers guarantee basic IT security measures and compliance with general data protection conditions. At level 2 (Enhanced Protection), IT service providers must have implemented a comprehensive information security management system (ISMS). Level 3 (High Protection) also provides for risk management that offers robust controls for identifying, assessing, and addressing information security risks. Level 4 (Very High Protection) includes specific security requirements for critical infrastructure or particularly sensitive information.

For more information on TISAX, see the ENX Handbook

Open Telekom Cloud and TISAX

The Open Telekom Cloud was already certified in 2018, shortly after the introduction of TISAX, as part of a T-Systems-wide process and can therefore be used for automotive projects without any problems. In 2023, between January and June, DEKRA carried out a review and recertification according to TISAX. In the process, the Open Telekom Cloud team also decided to include the new Alsmeer and Almere sites in the certification. 

The Open Telekom Cloud thus also achieved protection level three for the Netherlands region, which corresponds to a high level of protection for sensitive data. The official entry of the Open Telekom Cloud can be found on the portal of the ENX Association, which acts as the central governance organization in the TISAX system, under the code P0R4YM. Interested parties can obtain the official DEKRA test report on request at service@open-telekom-cloud.com.

Automotive processes possible on the Open Telekom Cloud

The TISAX certification proves that the Open Telekom Cloud protects its users in the automotive industry from data breaches, data leaks, cyber-attacks and industrial espionage, among other things, or minimizes the impact of such security incidents.

This means that automotive companies can now use services not only from the EU-DE region, but also from EU-NL to support their business processes. This can be useful to realize geo-redundancy or to ensure low latencies for services in the UK or Benelux.


This content might also interest you

 
Person typing on the laptop, surrounded by various icons

More than TISAX

Maximum security and compliance with data protection requirements. All Open Telekom Cloud certificates at a glance.

 
Man despairs of certificates and test reports

Clarity in the confusion of certificates

What do the individual certificates and test reports mean (video)?

 
Symbol for the cloud surrounded by security mechanisms.

What makes the Cloud resilient

Running a public cloud requires sophisticated management. A look behind the scenes.

  • Communities

    The Open Telekom Cloud Community

    This is where users, developers and product owners meet to help each other, share knowledge and discuss.

    Discover now

  • Telefon

    Free expert hotline

    Our certified cloud experts provide you with personal service free of charge.

     0800 3304477 (from Germany)

     
    +800 33044770 (from abroad)

     
    24 hours a day, seven days a week

  • E-Mail

    Our customer service is available free of charge via E-Mail

    Write an E-Mail