Sandy Smajic
TISAX Consulting

TISAX Consulting & Assessment Preparation

Win and keep automotive contracts with expert TISAX preparation — from ISMS build to a successful assessment and label.

95% of automotive tenders require TISAX
2-4 months preparation
VDA ISA catalogue alignment
Business Challenges

The problems this solves

Win and keep automotive contracts with expert TISAX preparation — from an ISO 27001-based ISMS to a successful assessment and shared label.

No label, no bid

Most automotive tenders require a valid TISAX label — without one you cannot even enter the process.

Which level applies?

Choosing the wrong assessment level or objectives wastes effort and can mean failing the assessment.

Prototype protection

TISAX places heavy emphasis on protecting prototypes and design data, which trips up many suppliers.

VDA ISA complexity

Mapping your controls to the VDA ISA catalogue is detailed, technical work that is easy to get wrong.

How We Solve It

One connected ecosystem, end to end

I guide automotive suppliers through the entire TISAX journey — assessing readiness, building an automotive-grade ISMS, and supporting the official assessment.

Identifies risks

CyberHealth360

An automated assessment platform that benchmarks your current security posture and surfaces the gaps that matter most.

Creates strategy

Sandy Smajic Consulting

Senior advisory that turns findings into a prioritized, board-ready roadmap and implements the controls that protect the business.

Manages compliance

ComplianceHub360

A GRC platform that keeps policies, evidence and audits in one place so your program stays continuously audit-ready.

What TISAX is and why it matters

TISAX (Trusted Information Security Assessment Exchange) is the automotive industry's standard for information security. Built on ISO 27001 with automotive-specific requirements, it allows suppliers to demonstrate their security maturity once and share the result across multiple OEMs.

For suppliers, TISAX is effectively the entry ticket to the automotive supply chain. The vast majority of automotive tenders require a valid TISAX label, and without one you simply cannot bid for the work.

My TISAX preparation service

I guide automotive suppliers through the entire TISAX journey, from understanding which assessment level and objectives apply to you, through to a successful assessment.

  • Determining the right TISAX assessment level and objectives
  • ISO 27001-based ISMS with automotive controls
  • Prototype protection and data classification measures
  • Gap analysis against the VDA ISA catalogue
  • Assessment readiness review
  • Support throughout the official assessment

Protecting prototypes and intellectual property

Automotive work often involves highly sensitive prototypes and design data. TISAX places particular emphasis on physical and logical protection of this information, and I help you implement measures that satisfy assessors without disrupting engineering work.

Framework Coverage

Standards and regulations we cover

Engagements map to the frameworks that matter for your sector — assessed objectively and tracked continuously.

Sample CyberHealth360 — Security Assessment dashboard: Security score 78/100 (+12 this quarter); Maturity level 64/100 (Level 3 · Defined); Framework readiness ISO 27001 82%, NIS2 64%, GDPR 91%, TISAX 48%; Priority roadmap: Access control policy, Asset inventory, Incident response plan, Supplier risk review.

Coverage by framework:

  • TISAX / VDA ISA 100%
  • ISO 27001 95%
  • NIS2 70%
  • GDPR 75%
  • Prototype protection 90%

Deliverables

What you walk away with

Tangible, audit-ready outputs — not slideware. Everything is built to fit how your organization actually works.

Assessment level guidance

The correct TISAX level and objectives mapped to your data sensitivity and customer needs.

Automotive-grade ISMS

An ISO 27001-based ISMS extended with the controls TISAX assessors expect.

VDA ISA gap analysis

A detailed mapping of your controls to the VDA ISA catalogue with remediation.

Assessment support

Readiness review and hands-on support through the official ENX-recognized assessment.

The Process

A clear path from gap to audit-ready

A proven four-phase engagement that moves you from uncertainty to a sustainable, defensible program.

01

Determine scope

Identify the right assessment level and objectives, benchmarked with CyberHealth360.

02

Build ISMS

Implement an ISO 27001-based ISMS with automotive-specific controls and prototype protection.

03

Gap & ready

Close gaps against the VDA ISA catalogue and run an assessment-readiness review.

04

Assess & maintain

Support you through the official assessment, then sustain the label in ComplianceHub360.

Case Study

How this plays out in practice

An anonymized example of the ecosystem in action. Outcomes are described qualitatively to respect client confidentiality.

An automotive supplier

Challenge

Required a TISAX label to remain eligible for OEM contracts but had no formal information security management in place.

Approach

Determined the right assessment level, built an automotive-grade ISMS with prototype protection, and prepared evidence in ComplianceHub360.

Outcome

Achieved the required TISAX label, preserving eligibility across multiple OEM supply chains through mutual recognition.

Stay Audit-Ready

Compliance managed, not just achieved

Once your program is in place, ComplianceHub360 keeps policies, evidence and audits in one place — so the next audit is never a fire drill.

Central policy and evidence repository
Continuous control monitoring across frameworks
Audit tracking with a clear, exportable trail

Sample ComplianceHub360 — GRC Dashboard: Policies 42/45; Controls 118/130; Evidence 201; Open tasks 7; Risk heatmap (impact High to Low against likelihood Unlikely to Likely); Audit progress: ISO 27001 surveillance 86%, NIS2 readiness 58%, GDPR Art. 30 records 73%.

Industry Examples

Sectors I work with

Engagements are tailored to the regulatory and operational realities of your industry.

Automotive
Manufacturing
Engineering
Logistics
Suppliers & Tier 1
Who You're Working With

Expertise you can verify

Advisory grounded in academic rigor, real audit experience, and the platforms built to support it.

External Lecturer — HDBW

Teaches IT Security, risk management and compliance at the University of Applied Sciences, keeping practice grounded in current academic rigor.

Cybersecurity Consultant

Hands-on senior consultant who has guided organizations through real ISO 27001, NIS2, TISAX and DORA audits across multiple sectors.

Founder — Security Ecosystem

Built CyberHealth360 and ComplianceHub360 to connect assessment, strategy and compliance management into one continuous program.

FAQ

Frequently asked questions

TISAX is based on ISO 27001 but adds automotive-specific requirements, particularly around prototype protection, and uses the VDA ISA assessment catalogue with a shared-result mechanism across OEMs.

Step inside the ecosystem

Book a free 30-minute consultation and get a clear, practical path forward — or run a free assessment to see exactly where you stand today.