Contact

TISAX at RSB-AC – Security You Can Trust

9 MIN READ

2026-02-11

Table of content

  1. Cybersecurity: No Longer Optional
  2. What Is TISAX? – Explained in Simple Terms
  3. What Does TISAX Certification Confirm?
  4. Why We Chose TISAX
  5. Scope of TISAX Certification at RSB
  6. What TISAX Means for Our Clients
  7. Our Path to TISAX Certification
  8. What’s Next – Continuous Improvement
  9. Ready for Secure Cooperation

Cybersecurity: No Longer Optional

Imagine this: a confidential prototype design is leaked, sensitive vehicle software data is exposed, or an unauthorized party gains access to critical project documentation. For OEMs and Tier1 suppliers, such incidents can lead to financial losses, reputational damage, project delays, and even serious legal consequences. The Automotive Cybersecurity Report 2025: Global Threats & Trends (Upstream Security) confirms that cyber risks targeting the automotive industry are steadily increasing, affecting companies across the entire supply chain. At the same time, customers are placing growing demands on their partners to demonstrate robust information security practices and reliable protection of confidential data. With cybersecurity becoming a fundamental requirement in modern R&D and engineering projects, ensuring compliance with recognized industry standards is no longer optional. In response to these challenges, RSB Automotive Consulting has decided to strengthen its information security framework and has successfully achieved TISAX certification.

source: Official TISAX label awarded to RSB-AC

What Is TISAX? – Explained in Simple Terms

Before we move on to celebrating our achievement, let’s take a step back and answer a simple question: what is TISAX, really?

TISAX stands for Trusted Information Security Assessment Exchange. It is an information security standard created specifically for the automotive industry by the ENX Association on behalf of the German Automotive Industry Association (VDA). Based on the VDA ISA catalog, TISAX provides a structured and widely recognized way to evaluate how companies protect sensitive information.

The goal of TISAX is straightforward – to ensure that organizations within the automotive supply chain follow reliable and industry-accepted information security practices. Automotive projects involve confidential technical documentation, intellectual property, and business-critical data, which makes strong security controls essential. TISAX offers a common framework to verify that such information is handled in a secure and professional manner.

source: www.sciencedirect.com

TISAX applies to a broad range of organizations within the automotive supply chain, including OEMs, Tier1 and Tier2 suppliers, engineering service providers, software developers, and research institutions. Unlike general standards such as ISO 27001, TISAX is tailored specifically to automotive requirements. A key advantage is mutual recognition – one successful assessment can be accepted by multiple customers, eliminating the need for repeated audits. As a result, TISAX has become a widely expected requirement for companies working with leading automotive manufacturers. The diagram above illustrates how diverse and interconnected the TISAX ecosystem truly is.

If you would like to explore the topic in more depth, we recommend an excellent publication from our own “Polish backyard” written by Polish authors: “TISAX – Optimization of IT Risk Management in the Automotive Industry” by Tomasz Królikowski and Agnieszka Ubowska, presented at the 25th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES). The article provides valuable technical insight into how TISAX supports risk management in practice.

What Does TISAX Certification Confirm?

TISAX is not just another certificate to hang on the wall – it is a clear signal that a company takes information security seriously. It provides independent proof that the organization has a mature and well-structured Information Security Management System (ISMS) and is capable of protecting sensitive automotive data.

A successful TISAX assessment confirms that the organization has implemented secure operational processes, effective access control, and proper protection of customer data and intellectual property. It also verifies well-defined procedures for incident managementIT and infrastructure security, and responsible handling of confidential information.

Additionally, TISAX demonstrates that the company manages suppliers securely and ensures the confidentiality of R&D projects and technical documentation. All of this is validated through an independent assessment performed by accredited auditors.

In simple terms: TISAX is proof that a company fulfills the information security requirements of the automotive industry and can be trusted as a secure and reliable partner.

Why We Chose TISAX

Our journey toward TISAX certification did not start with a formal requirement – it started with conversations. Over time, we began receiving more and more questions from potential clients about whether we were TISAX certified. These inquiries were no longer coming only from OEMs, but increasingly from Tier1 companies as well. TISAX started appearing in contracts, project requirements, and cooperation agreements – often as a condition for participation or at least as a clear expectation for the near future.

industry discussions at MotoSolutions

This made us realize something important: the automotive world was changing. TISAX was no longer an optional extra or a “nice-to-have” – it was becoming an essential part of doing business in the industry. We also saw this trend clearly during the industry events we regularly attend, such as MotoSolutions, AutoSens, and conferences focused on Functional Safety and Cybersecurity. In discussions with customers, partners, and experts, information security and compliance were increasingly central topics. The message from the market was clear: strong, verifiable security standards are now a fundamental requirement.

As an engineering and consulting partner, we work daily with highly sensitive information. Our projects involve R&D activities, access to confidential technical documentation, cooperation within customer systems, and the processing of personal data of candidates and consultants. Operating internationally – mainly across Europe but also on other continents – we saw firsthand that reliable information security has become a key element of modern automotive collaboration.

At the same time, we wanted more than just to meet external expectations. We wanted to unify our internal standards, professionalize our processes, and further strengthen the trust of our clients and partners. Implementing TISAX felt like the logical next step in our development. In short, we did not pursue TISAX because we had to – we pursued it because we want to work according to the highest standards.

Scope of TISAX Certification at RSB

RSB Automotive Consulting has successfully completed the TISAX assessment at Assessment Level 2 (AL2). The evaluation covered our operations at the registered location in Kraków, Poland, and confirms that our organization meets the information security requirements expected within the automotive industry.

According to the official scope of assessment, the certification applies to all processes and resources that are subject to security requirements from automotive partners. This includes the collection, storage, and processing of information, as well as the protection of confidential data handled on behalf of our clients. The assessment objectives also explicitly cover data protection in line with EU GDPR Article 28 (“Processor”) and the secure handling of confidential information.

In practical terms, the TISAX assessment at RSB-AC included key operational areas such as:

  • engineering and R&D project support
  • handling of customer technical documentation
  • HR and recruitment processes
  • processing of personal data of candidates and consultants
  • IT infrastructure and system security
  • access control and secure working environments
  • supplier and partner management
  • incident management and data protection processes

The official TISAX label presented above confirms the defined scope, location, and validity of our assessment, which is currently valid until 20 October 2028. Detailed assessment results are available to authorized partners through the ENX TISAX platform.

source:summary of RSB-AC TISAX assessment

What TISAX Means for Our Clients

For our clients, TISAX certification is a real business enabler. It allows cooperation with RSB Automotive Consulting to start faster and with fewer formal barriers, eliminating the need for additional security audits or complex verification processes. In practice, this can shorten onboarding and project kick-off timelines by several weeks, making collaboration more efficient from day one.

TISAX also opens doors that were previously closed. Thanks to the certification, RSB-AC is now able to work with major international automotive companies – including leading European OEMs – where cooperation had not been possible before. For many organizations, TISAX is a mandatory requirement, and having it means we can finally participate in projects and tenders that were out of reach in the past.

From a client perspective, TISAX provides a clear guarantee that intellectual property, technical documentation, and confidential project data are properly protected. It confirms secure operational processes, controlled access to information, and professional incident management – significantly reducing the risk of data leaks or security incidents.

The certification also ensures secure and standardized onboarding of consultants. Data exchange, system access, and cooperation within customer environments follow audited procedures, bringing greater transparency and predictability to every project.

Equally important, TISAX puts RSB-AC on an equal footing with global engineering and consulting companies that already hold similar certifications. It allows our clients to choose us not only for expertise and flexibility, but also for verified, industry-recognized security standards.

In short, TISAX means faster project start, lower risk, and stronger trust – enabling our clients to focus on innovation and results rather than compliance concerns.

Our Path to TISAX Certification

Our TISAX journey was not a sudden revolution – it was more of a natural evolution. Over the course of about six months of focused work, we brought structure and formal recognition to something that had always been important to us: information security.

The truth is, we didn’t have to reinvent ourselves. Many security-related processes were already part of our daily operations long before TISAX became a requirement. What changed was the way we organized and documented them. We reviewed what we were already doing, put it into a clear framework, formalized procedures, and gave them an official, consistent form.

To lead this effort, we appointed an Information Security Management Representative, responsible for coordinating activities and making sure everything met TISAX expectations. We carried out an in-depth information security audit – looking not only at our IT systems, website, and ATS platform, but also at internal processes, data handling practices, and even the physical security of our office.

With the support of an external auditing partner, we identified areas for improvement and created a concrete action plan. There were internal discussions, risk analyses, and corrective actions. Step by step, we refined how we work.

Training became an important part of the process. Recruiters completed GDPR-focused sessions, teams learned about secure information management, and we developed a comprehensive internal handbook covering everyday rules: secure remote work, BYOD principles, password policies, 2FA, clean desk standards, software usage, access to secure areas, and HR processes such as onboarding, offboarding, and document retention.

company polocy

Most importantly, it was a team effort. Different departments were involved, new habits were introduced, and information security became an even more visible part of our company culture.

And then came the final confirmation. On 25 January, after months of preparation and audits, our approach was officially validated with a maturity score of 2.78, confirming that RSB Automotive Consulting meets TISAX requirements. Looking back, the certification was not just about passing an assessment. It was about becoming more organized, more transparent, and more professional in the way we protect information every day.

What’s Next – Continuous Improvement

Achieving TISAX certification is an important milestone – but it is not the end of the journey. For RSB Automotive Consulting, TISAX is not a one-time project; it is a commitment to continuous improvement and long-term information security management.

Maintaining the certification requires ongoing effort. Regular internal reviews, periodic audits, and constant monitoring of processes ensure that our security standards remain effective and up to date. As technology, regulations, and client expectations evolve, so do our policies and procedures.

We will continue to invest in employee awareness, system security, and process optimization to further strengthen the protection of client data and confidential information. Each new project, audit, and improvement initiative helps us build a more resilient and mature organization.

In short, TISAX is not just a certificate on paper – it is a living framework that guides how we work today and how we will develop in the future.

Ready for Secure Cooperation

TISAX confirms what we have always believed: security, professionalism, and trust go hand in hand. At RSB Automotive Consulting, we are ready to support demanding automotive projects with verified standards and a responsible approach to information protection.

Looking for an engineering partner you can trust? One that understands both technology and security? Let’s talk. https://outlook.office365.com/book/BookanRSBmeeting@rsb.ac/?ismsaljsauthenabled=true.Whether you need project support, specialized consultants, or a reliable long-term partner – we are here to help.

And if you’d like to learn more about how we continuously improve our standards, check out our story about EcoVadis and how we are becoming an even stronger, more responsible organization: RSB Automotive Consulting Awarded EcoVadis Silver Medal in 2025 – RSB Automotive Consulting


Call us. Write to us. Let’s build something great – securely.

Sources:

Upstream Security. (2025). Automotive Cybersecurity Report 2025: Global Threats & TrendsUpstream’s 2025 Global Automotive Cybersecurity Report

Królikowski, T., & Ubowska, A. (2021). TISAX – Optimization of IT risk management in the automotive industry. 25th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES). (PDF) TISAX – optimization of IT risk management in the automotive industry

Explore latest news
and articles

9 MIN READ
Ending the Year Where the Industry Speaks: RSB at MotoSolutions
3 MIN READ
RSB Automotive Consulting Awarded EcoVadis Silver Medal in 2025
7 MIN READ
From Growth to Efficiency: What 'Leaphome' Mode Means for OEMs