EventJoin us at AWS re:Invent 2024! Learn how to use MongoDB for AI use cases. Learn more >>

Back to Trust Center


Trusted Information Security Assessment Exchange (TISAX)

TISAX, or Trusted Information Security Assessment Exchange, is a certification program for information security in the automotive industry. Based on the Information Security Assessment (ISA) security requirements created by the German Association of the Automotive Industry (VDA) , TISAX provides an industry-specific security framework for assessing information security for the wide landscape of suppliers, OEMs, and partners that contribute to the automotive supply chain. The TISAX certification verifies that a company's security system adheres to this framework and allows sharing of assessment results.

There are three assessment levels of TISAX certification. MongoDB has been evaluated by Schellman Compliance, an independent certifying body accredited to conduct TISAX audits, and demonstrated compliance with the requirements and controls of the Information Security Objective at assessment level 3 (AL3) for very high high protection needs, which is the highest assessment level available and signifies a supplier's ability to handle and protect highly sensitive data.

What is TISAX?

Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for information security in the automotive industry. The TISAX certification confirms that a company’s information security management system complies with defined security levels and allows sharing of assessment results across a designated platform.

Who created TISAX?

To meet the information security needs of the automotive industry, the German Association of the Automotive Industry (VDA), in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX), established a set of widely accepted security requirements and outlined these in a catalogue known as the VDA Information Security Assessment (ISA). The TISAX certification is based on the ISA requirements.

Who administers TISAX?

(TISAX) is administered by the European Exchange Network (ENX) Association on behalf of the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA).

To whom does TISAX apply?

TISAX applies to organizations that do business with European automotive companies. This includes suppliers of parts and components for cars, as well as providers of IT services and software.

What MongoDB products and services are in the scope of the assessment?

The TISAX assessment applies to MongoDB in its entirety. The following products are included: MongoDB Cloud Services (including MongoDB Atlas, MongoDB Atlas Apps, Realm, MongoDB Atlas Data Federation, MongoDB Charts), Cloud Manager, and Atlas Serverless Database.

What TISAX level is MongoDB currently assessed at?

MongoDB has demonstrated compliance with the requirements and controls of the Information Security Objective at assessment level 3 (AL3) for very high high protection needs, which is the highest assessment level available and signifies a supplier's ability to handle and protect highly sensitive data.

Where can I find further information about MongoDB’s TISAX assessment?

You can find MongoDB’s TISAX assessment details on the ENX Portal.