What's the difference between AL 1, AL 2, and AL 3?

Assurance Levels reflect the protection needs of the data being assessed. AL 1 is self-assessment only (low protection needs). AL 2 is self-assessment plus a remote audit (high protection needs, typical for ordinary supplier data). AL 3 adds an on-site audit (very high protection needs, required for prototype data, vehicle pre-production information, and OEM-mandated cases). Most automotive suppliers need AL 2 with AL 3 overlays for prototype scope.

Do you cover prototype protection (PP) and data protection (DP) scopes?

Yes — both prototype protection and data protection are covered as module overlays on top of the core information security curriculum. Prototype protection covers physical security, photo controls, NDA handling, and pre-production data lifecycle. Data protection covers GDPR/DSGVO obligations as they manifest in automotive supplier contexts.

How does TISAX interact with ISO 27001?

TISAX and ISO 27001 share substantial control overlap (VDA ISA 6.0 references ISO/IEC 27001:2022 directly). An ISO 27001-certified organisation has a head start on TISAX preparation, and the same training program typically satisfies both. We map curriculum to both standards where applicable.

How long does a typical enterprise rollout take?

Most rollouts are live for the workforce within 5 business days of contract signature. Multi-site rollouts (suppliers with multiple production locations under one TISAX scope) typically take 7–10 business days due to per-site setup.

How does pricing work for a team of 500 workforce members?

Enterprise pricing is volume-based with discount tiers at 25, 50, 100, 250, and 500+ workforce members. A 500-member rollout typically lands 35–40% below list price. Multi-year terms unlock further discounts and include the annual refresher cycle plus content updates as VDA ISA catalogues evolve.

Can we add custom modules — e.g. our prototype handling procedure?

Yes. We routinely add policy attestations and custom modules: information security policies, prototype handling procedures, supplier security requirements, OEM-specific contractual requirements. Your CSM scopes the additions during onboarding.

Do you offer single sign-on and SCIM?

Yes — SAML 2.0, OIDC, and SCIM provisioning are included on enterprise plans. New joiners are auto-enrolled into the right modules based on department; leavers are de-provisioned automatically.

Can we white-label certificates and learner emails?

Yes — your logo is added to certificates and learner-facing emails on every enterprise plan. Single-tenant white-label and custom domain are available on request.

TISAX Awareness Training

Done-for-you TISAX training for automotive suppliers

We deliver mandatory TISAX awareness training across your workforce — VDA ISA control catalogue, prototype protection, data protection, and connection to customer assessments. Designed for automotive suppliers in the VW, BMW, Mercedes-Benz, Audi, Stellantis, and Porsche supply chains. Live for your team in under a week.

Get a Team Quote Browse the Course Catalog

100,000+ professionals trained
Aligned to VDA ISA 6.0
Live for your team in 5 business days

admin.compliquest.com / tisax / training

TISAX Programme · Q2 2026

Training completion overview

● LIVE

847

Enrolled

92%

Completed

4.8★

Rating

Overdue

All Workforce Members

100%

Engineering & R&D

96%

Manufacturing & Production

88%

Procurement & Supplier Mgmt

74%

Audit-ready

Article 39 met

Records signed & timestamped

Certificate Issued

847 employees

4-WEEK ROLLOUT

Programmes running at

RocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidasRocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidas

// why teams choose us

Why TISAX awareness training is mandatory — not optional

Trusted Information Security Assessment Exchange (TISAX) is the de-facto information security qualification for the European automotive industry, governed by ENX Association. The VDA ISA control catalogue (currently version 6.0) makes information security awareness, training, and competence explicit assessment objectives at every protection level (AL 1, 2, 3). Auditors review training records during assessments. OEMs (VW, BMW, Mercedes-Benz, Audi, Porsche, Stellantis) require positive TISAX assessment results as a precondition for supplier onboarding and ongoing contracts.

VDA ISA 6.0 — workforce awareness and training are mandatory assessment objectives at AL 1, 2, and 3

ENX-accredited audit providers review training records during AL 2 self-assessment plus AL 3 on-site audit

OEM contracts cascade: VW, BMW, Mercedes-Benz, Audi, Porsche, Stellantis require TISAX results as a sine qua non

Prototype protection (PP), data protection, and connection-to-3rd-parties scopes each require role-specific training

02 — Curriculum

Role-based
by default.

Different roles face different risks. Training tailored to job responsibilities.

01
All Workforce Members
All Workforce Members
02
Engineering & R&D
Engineering & R&D
03
Manufacturing & Production
Manufacturing & Production
04
Procurement & Supplier Mgmt
Procurement & Supplier Mgmt
05
IT & Security
IT & Security
06
Senior Management
Senior Management

03 — Process

From kickoff to fully trained in under four weeks.

weeks avg.

92%

completion

01Step
Week 1 · Discovery
Scope your risk
A 60-min working session with a specialist. We map your obligations, current training gaps, and regulator priorities in your jurisdiction.
- Compliance scan
- Regulator review
- Role-based gap analysis
02Step
Week 2–3 · Build
Tailor & integrate
Your processes, contacts, and policies go into the modules. We brand the LMS, wire SSO, and connect HRIS so enrolment is automatic.
- Custom scenarios
- White-label LMS
- HRIS / SSO sync
03Step
Week 4+ · Operate
Deploy & evidence
Roll out to all staff. Automated nudges hit non-completers. Manager dashboards in real time. Audit-ready records when regulators ask.
- Automated nudges
- Real-time dashboards
- Evidence pack

Ready to scope your programme?

Book a 30-min discovery call — no slides, no pitch, just specifics.

// platform & delivery

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Audit-ready evidence for ENX assessors

Dated certificates per workforce member, exportable completion logs, and role-mapped curriculum records that satisfy VDA ISA 6.0 audit checks at AL 1, 2, and 3.

Manager dashboard & reporting

Track completion across teams, sites, and TISAX assessment scopes. Export evidence packages for ENX assessors and OEM customer audits.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls workforce members forward each year. Refresher content tracks VDA ISA catalogue updates and ENX audit interpretations.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your information security policy, prototype handling procedure, or supplier security requirements to any module.

// from a customer

We supply Tier 1 to BMW and Mercedes-Benz and needed AL 3 prototype protection across two sites. The training rollout covered engineering, manufacturing, and security teams with the right module overlays. Our ENX assessor signed off Annex A 6.3 evidence on first review.

Head of Information Security, BMW

Automotive — 1,500+ workforce members trained

★★★★★

// by the numbers

Lost

OEM contracts without TISAX

AL 2/3

is the typical OEM requirement

VDA ISA 6.0

is the current control catalogue

// frequently asked

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

TISAX is contractually mandatory rather than legally mandatory — but the practical effect is the same. OEMs (VW, BMW, Mercedes-Benz, Audi, Porsche, Stellantis) require positive TISAX assessment results as a precondition for supplier onboarding and ongoing contracts. The VDA ISA 6.0 catalogue makes workforce awareness and training explicit assessment objectives, and ENX-accredited assessors review training records during AL 2 self-assessment and AL 3 on-site audit.

Related guides

Cybersecurity

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Education

Compliance Glossary: Key Terms and Definitions 2026

Cybersecurity

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready when you are

Ready to brief us on your team rollout?

Tell us your TISAX assessment scope (information security, prototype protection, data protection), your assurance level (AL 1, 2, 3), and your headcount across sites. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.

Get a Team Quote Browse the Course Catalog

// programme summary

Time to deploy

4 weeks

Audience

All staff + role tiers

Languages

12 included

Updates

Quarterly, automatic

Pricing

Done-for-you TISAX training for automotive suppliers

100,000+ professionals trained

Aligned to VDA ISA 6.0

Live for your team in 5 business days

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Audit-ready evidence for ENX assessors

Dated certificates per workforce member, exportable completion logs, and role-mapped curriculum records that satisfy VDA ISA 6.0 audit checks at AL 1, 2, and 3.

Manager dashboard & reporting

Track completion across teams, sites, and TISAX assessment scopes. Export evidence packages for ENX assessors and OEM customer audits.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls workforce members forward each year. Refresher content tracks VDA ISA catalogue updates and ENX audit interpretations.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your information security policy, prototype handling procedure, or supplier security requirements to any module.

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Ready to brief us on your team rollout?

Done-for-you TISAX training for automotive suppliers

Why TISAX awareness training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Audit-ready evidence for ENX assessors

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready to brief us on your team rollout?

Done-for-you TISAX training for automotive suppliers

Why TISAX awareness training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Audit-ready evidence for ENX assessors

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready to brief us on your team rollout?

Role-based
by default.

Role-based
by default.