CBTL GmbH has completed a TISAX (Trusted Information Security Assessment Exchange) assessment. This standard represents a consistent, standardized approach to information security systems for the automotive industry in Europe.

Registrierte Teilnehmer können unsere Ergebnisse einsehen unter:

Participant ID: PZXCT6
Scope ID: SCXPP7
Assessment ID: A5RMX2-3.


Why is it becoming increasingly important for many companies to demonstrate a certain level of information security management?

Imagine you want to share confidential information with a business partner. Cooperation is only possible if this information is adequately protected.

But how can you be sure that your partner will keep the information confidential?

Trust is good, but control is better. Your partner, therefore, needs proof that their management of information security meets your requirements. For the most part, companies rely on standards.

And how is proof of information security provided in the automotive industry?

The VDA (German Association of the Automotive Industry) and the governance organization ENX Association have developed TISAX, a standard that evaluates IT security measures across companies. Derived from ISO 27001, TISAX has been adapted to the specifics of the industry.

How does a TISAX assessment work?

The TISAX assessments are carried out by accredited audit providers who assess the standards at regular intervals. However, TISAX and the TISAX results are not intended for the general public.

What measures has CBTL GmbH taken?

For CBTL GmbH confidentiality, availability and integrity of information have a very high value. We have therefore taken extensive measures to protect sensitive and/or confidential information and have in place a robust Information Security Management System (ISMS).

In 2021, we were audited at the Munich location by TÜV Süd (an accredited audit provider) with respect to VDA ISA Catalogue Version 4.1. Audit objectives were:

  • Information with a very high protection requirement (Info Very High)
  • Data protection Pursuant to Article 28 (“Processor”) of the General Data Protection Regulation (GDPR) (Data)