VDA ISA criteria mapped, AL1 to AL3 scoped, prototype data controls handled, and the ENX portal evidence package compiled. Same workspace as the ISMS, BCMS and DSMS, so the next OEM assessment reuses what the last one captured.
VDA ISA criteria mapped
AL1 self-assessment, AL2 remote, AL3 on-site
ENX-ready evidence package per assessment
KaitoSec ships with the complete VDA ISA (Information Security Assessment) catalog structured as assignable criteria. Every criterion at every maturity level is linked to implementation guidance, so your team knows exactly what is required and what evidence to collect.
TISAX defines three assessment levels. AL1 for self-assessment, AL2 for remote audit, and AL3 for on-site audit with prototype data. KaitoSec helps you determine which level OEMs require and scopes your implementation work accordingly, avoiding unnecessary over-engineering.
The ENX Association portal is where TISAX results are registered and shared with OEM customers. KaitoSec prepares your evidence package in the format expected by ENX-accredited auditors and tracks portal submission status through the assessment lifecycle.
For each ISA criterion, KaitoSec tracks your current maturity level against the target maturity required by your OEM customers. A visual maturity heatmap highlights criteria that need the most attention before your assessment date.
TISAX AL3 includes specific requirements for handling prototype data and development secrets. KaitoSec provides dedicated control sets for physical security, need-to-know access, and data room requirements relevant to R&D environments.
Once your TISAX label is active on the ENX portal, KaitoSec helps you track which OEM customers have accessed your results and manage scope-sharing permissions. You stay in control of who sees what.
Built on open catalogs: BSI, MITRE, OWASP, ENISA
Related platform features
KaitoSec