Trusted Information Security Assessment Exchange (TISAX)

FAQs

• Which AWS Regions are covered by the TISAX certification?

  All the below regions are assessed at TISAX Information with Very High Protection Needs (AL3) label with Zero non-conformities for the control domains Information Handling and Data Protection:
  
  Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), US East (Northern Virginia), US East (Ohio), US West (Oregon), and South America (São Paulo).
  
  The scope ID and assessment ID for the ENX portal are S58ZW2 and AYZ40H-1, respectively.

• Which AWS services are covered by the TISAX certification?

  The TISAX assessment is service-agnostic (i.e., it doesn’t test controls unique to services) and regions are assessed instead. All AWS services deployed in an assessed region are considered certified provided that the region is successfully assessed.
  

• What is the TISAX certification?

  TISAX is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties.

  To complete the TISAX assessment, AWS was successfully audited by an accredited independent assessor.
  

• Who created the TISAX standard?

  TISAX was developed by the Association of the German Automotive Industry (VDA) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX).

  The current version of the ISA standard was released in 2022.