Discover the TISAX assessment levels (AL1, AL2, AL3) and their relevance for automotive suppliers. Ensure your compliance with European security standards.

---

In the automotive industry, where the protection of sensitive information and data security are paramount, European manufacturers and suppliers are increasingly requiring their partners to be TISAX (Trusted Information Security Assessment Exchange) certified. This standard has become a key requirement for participation in the supply chains of OEMs and Tier 1 manufacturers in Europe.

TISAX not only assesses information security in accordance with the principles of ISO/IEC 27001, but also incorporates additional requirements specific to the automotive sector, known as VDA ISA, which regulate aspects such as prototype protection, technical information confidentiality, and customer and partner data management.

One of the aspects that raises the most questions is which assessment level corresponds to each company: AL1, AL2, or AL3. Understanding the differences is essential to ensure proper compliance and maintain the trust of customers and business partners.

---

🔹 AL1 – Basic level of TISAX assessment

AL1 is intended for organizations that handle low-sensitivity information and whose activities do not involve access to prototypes or highly confidential data.

• Type of assessment: Internal self-declaration, without external audit.
• Purpose: To confirm an initial commitment to information security.
• Application: Suitable for indirect suppliers or companies that do not handle sensitive automotive industry data.

Although AL1 allows basic compliance to be demonstrated, it does not grant official visibility on the TISAX platform, so it is often insufficient for business relationships with manufacturers or Tier 1 suppliers that require formal assessment.

---

🔹 AL2 – Intermediate level of TISAX assessment

AL2 applies to companies that manage sensitive information, such as blueprints, technical documentation, or strategic project data.

• Type of assessment: Plausibility audit conducted by a TISAX-accredited provider.
• Evidence required: Completed VDA ISA questionnaire, document review, and interviews.
• Purpose: To ensure that the controls and procedures established to protect confidential information are being applied correctly.

This level is the most common among automotive suppliers, as it meets the requirements of most European manufacturers.

---

🔹 AL3 – Advanced level of TISAX assessment

AL3 is the most demanding level, intended for organizations that manage highly sensitive information or physical prototypes of vehicles and components.

• Type of assessment: Comprehensive on-site audit conducted by an accredited provider.
• Evidence required: In-depth review of documentation, interviews, and physical verification of technical and security controls.
• Purpose: To demonstrate full compliance with VDA ISA requirements and protect critical information from leaks or industrial espionage.

This level is mandatory for companies with direct access to prototypes or extremely sensitive information, where data protection is strategic to maintaining competitiveness.

---

🧭 How to determine which TISAX level your organization needs?

The choice of TISAX assessment level depends on the type of information handled and the contractual requirements or NDAs signed with customers and manufacturers.

• AL1: administrative or commercial information, without access to technical data.
• AL2: sensitive technical information, development documentation, and project plans.
• AL3: physical prototypes, development components, or highly confidential information.

Properly understanding the necessary level allows you to comply with TISAX standards, maintain the trust of European customers, and ensure business continuity in the automotive supply chain.

---

💼 How Ariol Consulting can support you with TISAX

At Ariol Consulting, we have professionals who specialize in TISAX and information security in the automotive sector. We can help you understand the assessment levels and accompany you throughout the certification process, ensuring that your company complies with the standards required by European manufacturers and suppliers.