ISMS Copilot

ISMS Copilot for German automotive suppliers

Prepare VDA ISA and prototype-protection scope for TISAX, alongside NIS-2-DE obligations.

Why German automotive suppliers choose ISMS Copilot

  • Run a VDA ISA gap analysis and prepare for the relevant TISAX assessment level
  • Scope prototype-protection and confidentiality controls demanded by OEMs
  • Prepare ENX portal registration and assessment logistics
  • Run the NIS-2-DE / BSIG applicability test against your sector and headcount
  • Map BSIG section 30 risk-management measures onto your TISAX control base
  • Cross-map TISAX, ISO 27001 and BSI IT-Grundschutz to avoid duplicate work

Built around the German automotive stack

VDA ISA questionnaire guidance and gap analysis

Assessment-level orientation: AL 2 (remote plausibility check) and AL 3 (on-site audit) for customer-facing labels

Prototype-protection scope: physical, organisational and confidentiality controls

NIS-2-DE / BSIG applicability and BSI registration workflow

BSIG section 30 risk-management mapping to TISAX and ISO 27001

ENX portal preparation and evidence management

Prototype protection: the automotive-specific TISAX scope

TISAX is not generic ISO 27001. It is built on the VDA ISA catalogue, its labels are exchanged through the ENX portal, and German automotive suppliers are usually pulled into it by an OEM contract that names a specific assessment objective. The piece with no ISO 27001 equivalent is prototype protection: the physical security, visitor and photography controls, and confidentiality handling for pre-series vehicles and parts that OEMs require before sharing designs. Assessment levels matter: AL 1 is a low-trust internal self-assessment that is not used for customer-facing label exchange, so the accepted labels for OEM relationships are AL 2 (remote plausibility check) or AL 3 (on-site audit). Many of the same suppliers also fall under NIS-2-DE (BSIG), with section 30 measures and BSI registration. ISMS Copilot maps your ISO 27001 controls into VDA ISA, scopes prototype protection, and tracks the BSIG duties in parallel.

Frequently Asked Questions

Which TISAX assessment level do we need for OEM contracts?

AL 1 is a low-trust internal self-assessment and is not used for customer-facing label exchange. For OEM relationships the accepted labels are AL 2 (remote plausibility check) or AL 3 (on-site audit), and prototype-protection objectives typically require AL 3. ISMS Copilot helps you prepare for the level your contract specifies.

Do we need ISO 27001 before TISAX?

Not formally, but TISAX is based on ISO 27001/27002. ISMS Copilot maps existing ISO 27001 and BSI IT-Grundschutz controls onto the VDA ISA catalogue, giving certified suppliers a significant head start, and then layers the automotive-specific prototype-protection scope on top.

Does ISMS Copilot issue a TISAX label?

No. ISMS Copilot does not issue TISAX labels or any certification. TISAX labels are exchanged via the ENX portal after an accredited assessment. ISMS Copilot prepares your VDA ISA evidence and prototype-protection controls so the assessment goes smoothly.
