The Tisax certification is intended to meet the requirements of the automotive industry as a safe partner and to be able to supply machines and systems directly to car manufacturers.
The Tisax certification (Trusted Information Security Assessment Exchange) is a standardized test of information security for companies in the automotive industry.
“The Tisax certification was an intensive process involving many internal departments. The result is optimized processes and a strengthened safety level. This was necessary for the certification and at the same time good for secure processes at Wafios. The Tisax label we have achieved ensures our customers that confidential information at Wafios is protected and handled responsibly at all times,” emphasizes Dr. Uwe-Peter Weigmann, Spokesman of the Management Board.
With the Tisax certification, Wafios introduced the highest standards in information security. What was originally developed for the automotive industry now also offers decisive advantages to customers in the medical technology, aerospace and commercial vehicle manufacturing sectors: Confidential data, technical documents and development information are protected at Wafios in accordance with recognized security standards. This creates trust, strengthens cooperation in demanding projects and underlines the professionalism and future viability of Wafios as a partner – across all industries.
Tisax serves to ensure the protection of confidential information between companies (suppliers, customers and partners). It was launched by the VDA (German Association of the Automotive Industry) and a catalog of requirements (VDA ISA) was tailored based on ISO27001.
The certification measures are intended to ensure that information security is maintained in the supply chain. The certificate is valid for three years and can be exchanged with registered companies via the ENX portal. The certification attests to the high level of information security in the supply chain. Wafios has held the certification since mid-2024.
As the person responsible for implementing the measures for Tisax certification, Jasmin Rempfer reports on the development, measures and challenges of certification together with IT Manager Thomas Peter:
What steps had to be taken to obtain certification?
Jasmin Rempfer: “The first step was to carry out a self-assessment (GAP analysis). This is carried out using the VDA-ISA catalog. For each measure, the status quo was documented with the responsible departments and measures were derived from this. With the help of Dekra as a consultant and the specialist departments, the defined measures were gradually implemented. A pre-audit was carried out in March 2024 to check the content and quality of the documents prepared so far and to familiarize ourselves with the audit process. This meant we were well prepared for the audit, which took place in July 2024.”
How does the certification affect employees?
Thomas Peter: “High security standards must be met for certification. On the one hand, this means numerous training courses on information security, data protection and the IT security environment in order to prepare and sensitize employees. On the other hand, there are also measures to increase security, for example through stricter password guidelines. We also have stricter requirements for process and company documentation in the form of a pronounced change and project management system at all levels.”
In which stages will the measures be implemented?
Jasmin Rempfer: “The Tisax project is made up of many small projects. These had to be implemented in parallel due to the tight schedule. In addition to IT projects, such as the introduction of a USB interface control or multi-factor authentication, the locking system (Plant 1, Plant 2 and Plant 3) was also on the list, which in turn required an update of the canteen hardware.”
Are further measures planned?
Thomas Peter: “Yes, with the re-certification in mid-2027, for example, the certification of the E-Mobility Campus is planned. Gradually, structural measures are also to be implemented in Plants 1, 2 and 3, which will be required in the event of Tisax Level 3 certification. Further security systems in the IT environment will also be added, as well as the expansion and extension of the electronic locking system. There will also be a wider range of training courses for employees. In addition, a process and policy management system is to be introduced for better control and overview.”
What makes the project so exciting?
Jasmin Rempfer: “The Tisax certification is a very exciting project with its diversity and range of applications. As a young employee, I was able to develop or expand concepts, processes and documents that are now used throughout the company. For the implementation, it was important to understand what tasks the individual departments in the company have and how the requirements of the VDA can best be implemented. For me personally, it was very exciting to take this step out of IT and get to know the workflows of the other departments and Wafios as an overall construct.”
How do customers and partners react to the Tisax certification?
Thomas Peter: “The certification has been very well received by our customers. In the meantime, we have won a customer order from a major car manufacturer that would not have come about without the Tisax certification. We are expecting further inquiries and orders in the automotive and e-mobility sector. We are also receiving an increasing number of inquiries regarding information security and the level of Tisax certification.”
Background
Wafios develops, designs and manufactures special machines for the wire and tube processing industry as well as for cold forming. The company is one of the leading suppliers in this field. Over 130 years of experience speak for quality and innovation. The product range comprises more than 130 machine types. Equipped with state-of-the-art software, artificial intelligence and IoT, Wafios machines optimize output and quality and improve the set-up process.
60 percent of customers come from the automotive and supplier industry, with a growing share in e-mobility. Other important sectors include mining, construction, electrical engineering, medical technology, household appliances, agriculture and the furniture industry. The export share is over 60 percent. Today,
Wafios is a group of companies with Wafios AG in Reutlingen as the parent company and several locations in Germany (Reutlingen, Marktredwitz, Wuppertal, Berlin, Simonswald), in France (Ecuelles), in Portugal (Maia), in America (Branford/USA, Mokena/USA, Querétaro/Mexico, São Paulo/Brazil) and in Asia (Shanghai/China, Zhangjiagang/China) to support customers on site.
Web:
www.wafios.de
