Generic filters
Filter by Standorte
Filter by Funktionen
Generic filters
Filter by Standorte
Filter by Funktionen

Successful preparation of the IFA Group for the TISAX label

The IFA Group is an automotive supplier with seven development and production sites worldwide. Like many other suppliers and service providers who work with sensitive information, IFA has been asked by OEMs to demonstrate compliance with the TISAX label. TISAX is a testing and exchange mechanism to demonstrate compliance with information security requirements.

Customer: IFA Group

The IFA Group develops and produces shafts, joints and components for renowned automobile manufacturers in countries such as Germany, the USA, China and Poland with approximately 2,600 employees. As a result, it is one of the top 50 companies in the German supplier industry and can count BMW, Ferrari, Ford, GM, Mercedes- Benz, Porsche and Volkswagen among its customers.

The company’s success factors include forward-looking research and sustainable development, which is why it is currently focusing on shafts for electric drives. It is interesting to know that the longitudinal and lateral shafts used in hybrid and purely electric vehicles must be able to withstand particularly high torques and at the same time exhibit only very low noise development.

Initial situation and challenges

Currently, many suppliers and service providers of the OEMs (Original Equipment Manufacturer) are contacted to present the TISAX label by a given deadline. TISAX (Trusted Information Security Assessment Exchange) is a questionnaire developed by the VDA (German Association of the Automotive Industry) and the ENX Association, which is based on ISO 27001 and has been expanded to include prototype and data protection. The focus is on information security, for which requirements have been defined that service providers and suppliers must meet towards their customers.

From planning and preparation to actual implementation, a great effort is required that must be compatible with the strict deadlines of the OEMs.


To gain an initial overview of the current status of information security at the IFA Group, a GAP analysis was carried out using the VDA-ISA catalog, for which selected key users were interviewed.

For the subsequent recording of the asset inventory and the risk assessment, all processes of the company were documented and analyzed with regard to information security, so that suitable measures could be defined.

Ensuring sufficient awareness among employees by emphasizing the importance of information security is fundamental for this process.

To regularly gain more knowledge, the company relies on training courses that employees can complete independently online. In this way, employees learn how to integrate information security into their daily work and how to deal with dangers, such as phishing.

An ISMS (Information Security Management System) was also introduced to ensure a central storage location for all information and documentation relevant to TISAX. A decisive advantage is the direct linking of assets with the associated risks and measures. In contrast to several endlessly long Excel lists, an ISMS provides a good overview and makes it much easier to maintain the data. The process of releasing documents is also significantly reduced and can be managed with the help of role assignment. It is very important to ensure intuitive use when setting up an ISMS, so that all employees can access the information they need fast and easy.

Eventually, the risk assessment was followed by the planning and implementation of appropriate measures to reduce the likelihood of occurrence and/or the consequences. For this step, so-called controls were used, which are based on ISO 27002 and adapted to the IFA Group.

As soon as the measures have been implemented or are still being implemented, an internal audit is carried out by an ISO (Information Security Officer).
In this audit the current maturity of the ISMS will be analyzed, so that further measures can be initiated if necessary. This is followed by the final audit by an external auditor from a accredited certification body, which in the case of the IFA Group is TÜV Süd.

In the meantime, the audit by TÜV Süd has taken place. Despite the challenge of having four sites with a large number of employees simultaneously TISAX certified, the IFA Group successfully acquired the TISAX label at the first attempt with a very good result.

Since the maturity level of information security is tracked in a PDCA cycle (Plan-Do-Check-Act), an internal audit is scheduled every year so that the TISAX label can also be confirmed every three years in the future without non-conformities.

Customer benefits

As a future-oriented company, the IFA Group wants to guarantee its customers security in the exchange and processing of information. By obtaining the TISAX label, this security awareness is communicated to the OEMs, so that the decades-long trust is strengthened and further orders are worked on together. The advancement of digitization through the use of a cloud solution as ISMS also speaks for the progressiveness of the company. In the near future, the IFA Group plans to additionally use this process- supporting system in other areas of the company for the central management of documents and processes.

Ida Mußack

Ida Mußack
As a consultant in the area of M&A transformation, she is responsible for IT carve-out projects of our customers in the private equity sector worldwide. As an Information Security Officer at TÜV Süd, she additionally oversees information security, the achievement of ISO27001 certification and the implementation of the TISAX label of renowned international clients. Ida holds a Master’s degree in Mechanical Engineering from the University of Applied Sciences in Kempten, Germany, and has been able to specialize in the areas of M&A Transformation and Information Security over the past years.


Get in touch with our experts. Please call +49 89 2 62 07 56 12 or use the contact form:
By submitting this form, I consent to the processing of personal data in accordance with the Privacy Policy.*

Similar Posts

Dennis Heller

The idea for this blog post series arose from the situation at a customer, where we introduced CI/CD because the manual workload was no longer manageable. The following instructions are therefore fresh from practical experience. For simplicity, we have shortened the long road of trial and error and present here only the final results. The code snippets are exemplary but sufficient to present the functionality.

Ida Mußack
As part of an M&A carve-out, Tremonia Mobility GmbH, based in Dortmund, Germany, was acquired as Mercedes Benz Minibus GmbH from Aequita SE & Co. KGaA and spun off from Daimler AG (now: Mercedes Benz AG). On the way to a successful standalone, digatus has ensured future-oriented changes by applying a modern strategy.
Adrian Liepert

Munich, January 11, 2023: The IT service provider digatus it group AG continues its buy & build strategy and thus its growth course and complements existing IT M&A expertise by merging with M&A digitalization partner MAxpertise GmbH. With effect from 01.01.2023, MAxpertise is thus 100% part of the digatus group.