TISAX® standards at All for One Poland: We are automotive too | All for One Poland

TISAX® standards at All for One Poland: We are automotive too

All for One uses its more than a decade-long experience in the implementation, auditing and maintenance of Information Security Management Systems, comprehensively supporting companies from the automotive industry in the preparation and implementation of the TISAX® standard. But that’s not all. As an IT company providing services to this sector, we have also undergone an audit and obtained the TISAX® label, which is our passport in the automotive ecosystem.


The TISAX® label (certificate) is a relatively new standard for confirming systemic information security management in companies operating in the automotive industry. Until a few years ago, as a consulting company, we were carrying out ISMS implementations in this sector according to the ISO/IEC 27001 standard, and then soon the industry began to recognize the TISAX® standard as more suitable for its profile, with the requirements described in the VDA ISA checklists. Thus, organizations with ISO/IEC 27001 certifications launched projects to convert their management systems, while new participants started projects to implement an ISMS in accordance with VDA ISA/TISAX.

It is worth noting that the popularity of TISAX® is due in part to the better alignment of VDA ISA requirements with the specifics of the automotive industry and the precise identification of areas requiring special protection (e.g., prototypes) relative to the more general requirements of ISO/IEC 27001. At the same time, most of the controls required to obtain the TISAX label are a reference to ISO/IEC 27001, which in turn makes it easier for organizations previously certified to ISO/IEC 27001 to adapt their management systems.

An example of such a successful conversion is the Integrated Management System we use at All for One Poland – we have maintained certification according to ISO/IEC 27001 since 2007, and we successfully passed the TISAX audit in 2023. Thus, we will meet all information security requirements of both our automotive customers (TISAX®) and other industries (ISO/IEC 27001).

Our example illustrates what an ecosystem of automotive-related companies is within the meaning of VDA ISA/TISAX®.  It encompasses not only manufacturing companies – suppliers of parts and components – but also a broad spectrum of service companies from various industries, such as IT, marketing, engineering/design, logistics, sales, as well as financial and insurance services. TISAX® implementations result in an ecosystem of cooperating organizations in the automotive supply chain that mutually confirm the use of a systemic approach to information security management.

The VDA ISA checklist has undergone numerous modifications and additions in recent years. The current edition – version 6.0 – published at the end of 2023, and applicable to new certifications as of April 1, 2024, represents a mature catalog of issues to be regulated as part of systemic information security management It draws from recognized global standards such as: ISO/IEC 27001:2022, NIST SP800-53r5 or ISA/IEC 62443. The standard is also consistent with legal regulations such as GDPR and NIS 2.

The scope of application defined in the VDA ISA is very wide. Many controls describe detailed requirements in the IT area, for example: the requirement to use MDM tools for managing mobile devices (including e.g. data encryption), strong (two-factor) authentication, archiving and analysis of system logs, management of vulnerabilities and updates of IT systems, business continuity plans, backup & recovery solutions and many others.

In practice, this means that the project of ensuring compliance with VDA ISA is both a business project affecting many processes in the organization and, at the same time, an IT modernization project in terms of a higher level of cybersecurity.

All for One Poland provides all these services comprehensively. However, in each company the project is different due to the profile of a given organization, the size of the business, priorities and risks, as well as the maturity of the IT environment. Therefore, to achieve final success, an individual approach is necessary, based, among others, on: a gap analysis, IT security audit and penetration tests, as well as a risk analysis conducted together with the business.

Write us Call us Send email

    1. Personal data is processed pursuant to Article 6 (1) (a) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 – the General Data Protection Regulation
    2. The data controller is All for One Poland sp. z o.o. with its registered office in Złotniki, ul. Krzemowa 1 62-002 Suchy Las. Contact data of the Data Protection Supervisor: iod@all-for-one.com.
    3. Consent to data processing is voluntary, but necessary for contact. Consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
    4. The data will be processed for the purposes stated above and until this consent is withdrawn, and access to the data will be granted only to selected persons who are duly authorised to process it.
    5. Any person providing personal data shall have the right of access to and rectification, erasure, restriction of processing, the right to object to the processing and to the transfer of data, the right to restriction of processing and the right to object to the processing, the right to data transfer.
    6. Every person whose data is processed has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
    7. Personal data may be made available to other entities from the group that All for One Poland sp. z o.o. is part of – also located outside the European Economic Area, for marketing purposes. All for One Poland ensures that the data provided to these entities is properly secured, and the person whose data is processed has the right to obtain a copy of the data provided and information on the location of the data provision.

    +48 61 827 70 00

    The office is open
    Monday to Friday
    from 8am to 4pm (CET)

    General contact for the company

    Question about products and services

    Question about work and internships

    This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.