The secure processing of highly sensitive data is becoming increasingly important in the automotive and manufacturing industry. Global supply chains, complex manufacturing processes and close networking between OEMs and IT service providers make a professional information security management system (ISMS) almost indispensable. The Trusted Information Security Assessment Exchange (TISAX) is a binding standard that is based on the VDA Information Security Assessment (VDA ISA) and is becoming increasingly established in the industry.
DENWERIT GmbH set itself the goal of implementing this security standard in the shortest possible time – and was able to achieve TISAX certification without any deviations in just two months with the help of Information Security Experts GmbH (ISX). This excellent result shows that high security requirements and a tight timeframe are not mutually exclusive.
TISAX as a key standard for automotive and manufacturing
Digitalization in the automotive and manufacturing industry is progressing rapidly. OEMs and suppliers are closely networked and exchange sensitive data, including production plans, prototype information and development documents. To ensure that this data is adequately protected along the entire value chain, the German Association of the Automotive Industry (VDA) has established the TISAX process together with the ENX Association.
TISAX is based on the specifications of the VDA ISA catalog and creates a uniform security framework: Companies that can present a TISAX label prove their compliance with the recognized industry standard. IT service providers are a particular focus here, as they often gain deep insight into their customers’ production and quality data.
DENWERIT GmbH and its motivation for TISAX certification
As a specialized IT service provider for the automotive and manufacturing industry, DENWERIT GmbH works closely with customers to digitize processes, integrate IT systems and manage projects. Numerous clients now require proof that sensitive information is processed in accordance with VDA-ISA requirements. For DENWERIT, TISAX certification was therefore not only a formal requirement, but also a strategic step in order to remain competitive in the long term.
The time frame was extremely tight: the company wanted to go from an initial assessment to official certification within just two months. All requirements were to be met so consistently that not a single point of criticism remained in the audit.
Cooperation with ISX: zero-touch and tried-and-tested safety modules
To achieve these goals, DENWERIT commissioned Information Security Experts GmbH (ISX). ISX offers a zero-touch approach that takes the burden off customers like DENWERIT as far as possible while still enabling a high level of security in a short space of time. The modular structure includes:
- Basic moduleFoundation for an ISMS, including clearly defined roles, responsibilities and risk assessments.
- Corporate Monitoring ModulePermanent monitoring of security-relevant IT processes in order to detect vulnerabilities at an early stage.
- TISAX moduleFocus on the VDA ISA catalog and concrete preparation for the certification audit.
The principle of Zero Touch is that ISX largely takes over planning and implementation, while DENWERIT’s internal team only needs to be available for specific, company-related coordination. This means that DENWERIT’s ongoing customer projects remain largely undisturbed.
Project progress: Two months from the gap analysis to the TÜV Süd audit
The project began with a comprehensive gap analysis in which existing security measures and IT structures were examined in relation to the VDA ISA catalog. The findings were incorporated into a concrete action plan that addressed both organizational and technical aspects. Typical tasks included
- Closing documentation gaps in the ISMS
- Optimizing access and authorization concepts
- Introduction of automated monitoring methods (corporate monitoring)
- Raising staff awareness of phishing, social engineering and secure password use
Thanks to the modular approach and short decision-making processes, ISX was able to complete all the planned steps within a few weeks. TÜV Süd, an accredited TISAX certification body, then carried out the final audit. In addition to checking documentation and guidelines, technical function and effectiveness tests were also carried out. DENWERIT passed this audit without any deviations and achieved the maximum number of points possible in all categories.
Certificate awarded to DENWERIT GmbH
The successful audit resulted in the official award of the TISAX certificate. Timo Lang, founder and Managing Director of ISX, personally presented the document to Denis Werner, Managing Director of DENWERIT GmbH. This solemn moment made it clear that an audit result was achieved within a strictly timed two-month timeframe, which is considered extremely rare in the industry: no deviations and complete fulfillment of all TISAX-relevant requirements.
DENWERIT GmbH also publicized this success in a LinkedIn post and emphasized the smooth cooperation with ISX as well as the value of the zero-deviation top score for its own status as an IT service provider.
Success factors and outlook
Several factors contributed to the outstanding result:
- Uncompromising prioritization: DENWERIT’s management provided all the necessary resources and kept distances short so that decisions could be made quickly.
- Proven modules and methodology: ISX introduced preconfigured security modules and the zero-touch approach. This significantly reduced testing and implementation phases.
- Continuous documentation: The interaction between the basic module and the TISAX module ensured that all processes could be audited seamlessly.
- Close coordination between ISX and DENWERIT: Although ISX took on the majority of the work, cooperation with the internal team was essential at key points – for example when defining access rights or processing information for customer projects.
TISAX certification does not establish static security, but marks the starting point for a sustainable information security strategy. Re-audits, adjustments to new VDA ISA requirements and dealing with growing cyber risks are still on the agenda. However, thanks to the newly created monitoring and governance structures and a proven ISMS, DENWERIT is now ideally prepared for this.
Conclusion
The rapid and seamless TISAX certification of DENWERIT GmbH shows that high safety standards can be achieved even within tight time frames if a well thought-out approach with efficient methods is used. For OEMs and other automotive customers, the audit result represents clear proof of quality: Confidential data is demonstrably handled and protected professionally here.
For Information Security Experts GmbH (ISX), the project is also further proof of how a zero-touch model and modular security modules can lead to successful certification within just a few weeks – without affecting the customer’s ongoing operations.
This cooperation is a prime example of how information security can become a key factor in a company’s success: It not only meets the compliance requirements of the industry, but also increases the trust of customers and partners in the performance of an IT service provider.
