WAFIOS obtained TISAX certification in order to serve as a reliable partner for the automotive industry and to be able to deliver machines and machinery systems directly to automobile manufacturers.

The TISAX (Trusted Information Security Assessment Exchange) certification is a standardized assessment of information security for companies in the automotive industry.

"Obtaining TISAX certification was an intensive process which involved many of our departments. It resulted in optimized processes and a higher security level. This was necessary for obtaining the certification and also good for ensuring reliable processes at WAFIOS. The TISAX label guarantees our customers that confidential information is protected and handled responsibly at all times", says Dr. Ing. Uwe-Peter Weigmann, Speaker of the WAFIOS Executive Board.

The TISAX certification sends a strong signal that WAFIOS adheres to the highest standards in information security. The certificate was originally devised for the automotive industry, but today it also offers significant advantages to customers in the medical technology, aerospace and commercial vehicle manufacturing sectors: at WAFIOS, confidential data, technical documents and development information are protected in accordance with recognized security standards. This builds trust, strengthens cooperation in demanding projects and highlights WAFIOS' professionalism and future viability as a partner across all industries.

What is TISAX?

TISAX ensures the protection of confidential information shared between companies (suppliers, customers and partners).

It was established by the VDA (German Association of the Automotive Industry), whereby a catalog of questions (VDA ISA) was compiled based on ISO 27001. The measures taken for certification are intended to ensure that information security is maintained in the supply chain.

The certificate is valid for three years and can be exchanged with registered companies via the ENX portal. The certificate is proof of a high information security level in the supply chain. WAFIOS has the certificate since the middle of 2024.

Jasmin Rempfer and IT Director Thomas Peter, responsible for implementing the measures required for TISAX certification, report about the development, measures and challenges of the certification process.

Which steps had to be taken in order to get the certification?

Jasmin Rempfer: "First of all, a self-assessment (GAP analysis) had to be made. This was based on the VDA ISA Catalog. For each measure, the status quo was documented with the responsible departments and measures were derived from this. DEKRA served as a consultant and supported the individual departments in gradually implementing the measures that had been defined. In March 2024, a preliminary audit was conducted to review the content and quality of the documents prepared so far and to familiarize ourselves with the audit process. Thus, we were well prepared for the audit that took place in July 2024."

How does the certification affect the employees?

Thomas Peter: "High levels of security have to be observed to obtain the certification. On the one hand, this meant numerous training courses on information security, data protection, and the IT security environment in order to prepare and sensitize employees. On the other hand, there are also measures that increase the level of security, such as stricter password guidelines. We also have more stringent requirements for process and corporate documentation in the form of distinctive change and project management at all levels."

In which sections will the measures be implemented?

Jasmin Rempfer: "The TISAX project is composed of many small projects. Due to a tight schedule, these had to be implemented all at the same time. In addition to IT projects, such as the introduction of USB interface control and multi-factor authentication, the locking system (Plant 1, Plant 2, and Plant 3) was also on the list, which in turn required an upgrade of the canteen's hardware.”

Are there more measures planned?

Thomas Peter: "Yes. The re-certification in the middle of 2027 includes, for example, the certification of the E-Mobility Campus. Construction measures in Plant 1, 2 and 3, which are required for a Level 3 TISAX certification, are also to be implemented gradually. In addition, further security systems in the IT environment will be added, as well as the expansion and extension of the electronic locking system. There are also plans to offer more training courses for employees. Furthermore, a process and policy management system is to be introduced for better control and overview.

What makes the project so exciting?

Jasmin Rempfer: "With its diversity and wide range of applications, TISAX certification is a very exciting project. As a young employee, I was given the opportunity to develop or expand concepts, processes and documents that are now used throughout the company. For implementing them, it was important to understand the tasks of the individual departments within the company and how best to implement the VDA requirements. Personally, I found it interesting to start the certification process from the IT department and thus get to know other departments' working methods and WAFIOS as a whole."

How do customers and partners respond to WAFIOS's TISAX certification?

Thomas Peter: "The certification has been very well received. In the meantime, a large customer from the automotive industry made an order which would not have been possible without a TISAX certification. We expect to get more inquiries and orders from the automotive and e-mobility sector. There are also more and more inquiries concerning information security and our TISAX certification level."

TISAX is a registered trademark of the ENX Association.

https://enx.com/tisax

TISAX and TISAX results are not intended for the general public.

https://portal.enx.com/en-US/TISAX/tisaxassessmentresults