TISAX
Automotive framework for standardized information security assessments
EN 1090
EU standard for execution of steel and aluminium structures
Quick Verdict
TISAX standardizes information security assessments across the automotive supply chain so that one shared assessment result can satisfy many OEMs; EN 1090-1 is the harmonized standard under which structural steel and aluminium components are CE marked, which in turn requires a certified Factory Production Control (FPC) system. Automotive firms adopt TISAX because OEMs demand it contractually; fabricators need EN 1090 for EU market access and legal compliance.
TISAX
Trusted Information Security Assessment Exchange (TISAX)
Key Features
- Centralized ENX portal enables result sharing across OEMs
- Automotive-specific prototype protection and IP controls
- Three risk-based assessment levels (AL1-AL3)
- VDA ISA catalog with maturity scoring (0-5)
- Three-year valid labels reduce duplicate audits
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-EXC4)
- Factory Production Control (FPC) certification
- CE marking and Declaration of Performance
- Welding quality via ISO 3834 alignment
- Material traceability and NDT requirements
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
TISAX Details
What It Is
TISAX (Trusted Information Security Assessment Exchange) is an industry framework operated by the ENX Association on behalf of the VDA for the automotive sector. It standardizes assessments of information security, focusing on protecting sensitive data such as prototypes and intellectual property in global supply chains. The risk-based approach uses the VDA ISA catalog (versions 5.0.4 and 6.0) with three assessment levels (AL1-AL3), chosen according to the protection need of the information in scope.
Key Components
- **Control groups:** Policy, organization, personnel, physical security, access, cryptography, operations, supplier relationships (70+ controls).
- **Automotive modules:** Prototype protection, data protection.
- **Basis:** Built on ISO 27001, with each control scored on a 0-5 maturity scale.
- **Certification model:** Labels valid 3 years, shared via the ENX portal.
Why Organizations Use It
OEMs mandate TISAX contractually for suppliers, so a valid label is a precondition for winning and keeping business. It mitigates risks such as IP theft, reduces duplicate audits because one shared result replaces separate assessments by each OEM (estimated here at 70-90%), builds trust, and provides a competitive edge in an automotive value chain the page values at roughly €2.5T.
Implementation Overview
Implementation is phased: preparation and gap analysis (1-3 months), remediation including tabletop exercises (3-9 months), assessment and label issuance (2-4 months), then ongoing sustainment. It applies to OEMs, Tier 1/2 suppliers and service providers, and scales from SMEs to multinationals: AL1 is a self-assessment, while AL2 and AL3 involve an accredited audit provider, AL3 with an on-site audit.
EN 1090 Details
What It Is
EN 1090 is a European standard family (EN 1090-1, -2, -3). EN 1090-1 is the harmonized part cited under the Construction Products Regulation (CPR); EN 1090-2 and -3 carry the technical execution rules for steel and aluminium respectively. Together they govern the execution and conformity assessment of structural steel and aluminium components and kits for construction works. Their primary purpose is to ensure controlled fabrication, welding, inspection and CE marking through risk-based Execution Classes (EXC1-EXC4).
Key Components
- **EN 1090-1:** Conformity assessment and Factory Production Control (FPC) certification.
- **EN 1090-2/-3:** Technical rules for steel and aluminium (materials, welding per ISO 3834, tolerances, corrosion protection, NDT).
- **Risk scaling:** Requirements scaled via consequence, service and production categories, which determine the Execution Class.
- **Certification model:** A Notified Body audits the FPC system and issues the certificate that underpins CE marking and the Declaration of Performance (DoP).
Why Organizations Use It
- Mandatory for EU market access (CE marking required).
- Reduces liability, rework; builds trust via traceability.
- Enables high-risk projects (EXC3/EXC4), competitive bidding.
Implementation Overview
Implementation is phased: gap analysis, building the FPC system, welding qualifications, then Notified Body certification (3-12 months in total). It applies to fabricators supplying the EU/EEA and UK markets, with ongoing surveillance audits after certification.
Key Differences
| Aspect | TISAX | EN 1090 |
|---|---|---|
| Scope | Information security in automotive supply chain | Execution of steel/aluminium structural components |
| Industry | Automotive suppliers, OEMs (mainly Europe) | Construction, fabrication (EU/EEA market) |
| Nature | Voluntary industry scheme, but contractually required by OEMs | Mandatory route to CE marking under the CPR |
| Testing | Assessments at AL1-AL3 (self-assessment to on-site audit) by ENX-accredited providers | FPC certification and surveillance by a Notified Body |
| Penalties | Contract loss, no legal fines | Market exclusion, legal enforcement, fines |