ISO 27001 vs. TISAX
Cybersecurity standards compared
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
ISO 27001:2022 has 93 controls (Annex A) and is industry-neutral. TISAX (Trusted Information Security Assessment Exchange) supplements ISO 27001 with automotive-specific requirements plus a central platform.
What is ISO 27001 vs. TISAX?
When is TISAX needed?
- Automotive suppliers (OEM requirement)
- Mechanical engineering firms with automotive customers
- IT service providers serving the automotive sector
Cost: ISO 27001: EUR 15-50k. TISAX: EUR 8-25k (own costs plus platform fee).
Practical example
An automotive supplier with BMW and VW as customers: TISAX is mandatory (OEM requirement). ISO 27001 is recommended as preparation.
Frequently asked questions
Which one first?
ISO 27001 as a baseline, then TISAX as an extension.
NIS2 recognition?
Both are considered equivalent.