TISAX_华为云

Frequently asked questions about TISAX

What's TISAX?

Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for the information security of automotive companies. It was set up by the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA) and is administered by the European Network Exchange Association (ENX) on behalf of the VDA. The TISAX label is the automotive industry's first and only officially released information security label mechanism across the globe. It provides a common framework to streamline information security assessments in the automotive industry both in Europe and around the world.

Huawei Cloud has earned the TISAX level-3 certification (very high need for protection) and label, which certifies Huawei Cloud's leading expertise in cybersecurity and data privacy protection, and its ability to provide cloud services of the highest security standard for the automotive industry.

In addition, Huawei Cloud periodically reviews its information security management systems based on changing conditions. This ensures that Huawei Cloud services will always be protected by industry-leading capabilities in cybersecurity and data privacy protection.
What does the TISAX standard include?

TISAX consists of three modules: information security, prototype protection, and data protection.

Data protection specifies requirements on personal data protection as stipulated by article 28 of the European General Data Protection Regulation (GDPR). Any data processor must develop and implement appropriate measures to protect personal data in accordance with applicable laws and regulations.

Prototype protection specifies physical and organizational requirements for the protection of vehicle prototypes (test vehicles and core part prototypes), covering end-to-end processes (such as transportation and parking) in vehicle prototype handling.

Information security consists of three levels of protection requirements, which are evaluated based on the following control domains: physical security and business continuity, identity and access management, IT security/cybersecurity, supplier relationships, information security system and organization, and human resources. The three levels of information security include:

1. General protection requirements (level-1 label, AL1): Only internal information is involved.

2. High protection requirements (level-2 label, AL2): Confidential information is involved.

3. Very high protection requirements (level-3 label, AL3): Secret information is involved.

Huawei Cloud's TISAX certification is of the highest level. This certifies Huawei Cloud's qualification to provide secure cloud services for the automotive industry.
Can my organization become TISAX-certified automatically by using Huawei Cloud?

Although Huawei Cloud has earned the TISAX certification and provides you with secure and reliable cloud services on this basis, using services provided by Huawei Cloud does not certify your organization's compliance with the TISAX requirements. TISAX certification requires us to establish, implement, maintain, and continuously improve the information security management system of our organizations based on the TISAX guidelines, standards, and best practices. To have your organization certified, you can contact a TISAX certifying body to initiate the certification.