Question 1

Is TISAX mandatory for Munich automotive suppliers?

Accepted Answer

TISAX is not mandated by law, but OEMs including BMW, Audi and Volkswagen contractually require their suppliers to hold a valid TISAX label before accessing sensitive prototype data or vehicle development information. Without TISAX, Munich-based suppliers risk losing contracts with major automotive customers.

Question 2

Which certification bodies conduct TISAX assessments in Bavaria?

Accepted Answer

TISAX assessments are conducted by ENX-approved audit providers, not general certification bodies. Approved providers include KPMG, TÜV SÜD, and SGS Germany, all of which operate in the Munich and Bavaria region. KaitoSec prepares you for the VDA ISA questionnaire regardless of which provider you choose.

Question 3

How does BSI Grundschutz differ from ISO 27001 for Munich companies?

Accepted Answer

BSI Grundschutz provides a prescriptive, module-based approach to information security developed by Germany's Federal Office for Information Security (BSI). ISO 27001 is a risk-based international standard. Many Munich enterprises, particularly those with public-sector contracts, pursue BSI Grundschutz certification alongside ISO 27001. KaitoSec supports both.

Question 4

Can KaitoSec help Siemens or BMW suppliers achieve multi-framework compliance?

Accepted Answer

Yes. KaitoSec is specifically designed for organisations that must satisfy multiple frameworks simultaneously. A Munich automotive supplier can map controls once and generate evidence for TISAX, ISO 27001 and BSI Grundschutz from a single platform, eliminating duplicate work across separate compliance projects.

TISAX-grade resilience for Munich's industrial base

Automotive Supply Chain Ready

TISAX AL2 and AL3 Readiness

Multi-Entity ISMS for Larger Munich Operations

FAQ

Product

Frameworks

Solutions

Services

Resources

Company

Legal