In the digital value chain of the automotive industry, information security plays a decisive role. Partners and suppliers working in this sector encounter the TISAX® standard for information security. However, the processes required for TISAX® assessment often pose complex challenges and industry-specific demands. COCUS supports medium-sized companies in their preparations and assists in optimizing their Information Security Management System (ISMS).
A current example is the successful collaboration between COCUS and pacemaker.ai, an innovative company in the field of AI-supported supply chain optimization and sustainable resource management. Founded by thyssenkrupp, pacemaker.ai combines industrial experience with agile software development, enabling it to guarantee information security in dynamic processes.
pacemaker.ai deliberately decided against a purely internal implementation, as setting up additional structures, familiarizing itself with complex requirements, and the associated overhead would have tied up considerable resources. By working with COCUS, the company was able to maintain its focus on its core business while ensuring the required compliance under considerable time pressure.
What is TISAX® and why is expert support so valuable?
TISAX® (Trusted Information Security Assessment Exchange) is the information security standard developed by the German Association of the Automotive Industry (VDA). It was created to ensure uniform security levels between manufacturers, service providers, and suppliers. Every TISAX® assessment is based on a structured Information Security Management System (ISMS), which ensures that processes, roles, and policies for protecting sensitive data are clearly defined.
The requirements are based on the international standard ISO/IEC 27001 and are now mandatory for many automotive clients. The security concept must meet a specific assessment level (Level 2 or Level 3) and is evaluated by accredited audit providers.
For companies new to the topic, this can quickly become a challenge: the VDA ISA catalog is extensive, terminology is complex, and the requirements reach deep into internal processes. This is where expert TISAX® consulting proves its value by providing clarity, structure, and practical implementation.
pacemaker.ai on the way to the next level of security
Most recently, COCUS supported pacemaker.ai in the further development and optimization of its existing information security management system (ISMS) in accordance with TISAX® requirements. The aim was to adapt the security structures to the high standards of the automotive industry without restricting the company’s agile working methods.
COCUS relied on proven methods and insights from previous TISAX® projects, ensuring that implementation was not only efficient but also exceptionally fast.
To achieve this, COCUS conducted a detailed gap analysis based on the VDA-ISA catalog, identified potential areas for improvement, and developed practical guidelines and standards. Regular reviews with internal stakeholders resulted in a solution that is transparent, efficient, and tailored to pacemaker.ai for long-term effectiveness.
Following the collaboration, pacemaker.ai now has a customized, TISAX-compliant framework for processes, guidelines, and responsibilities. Existing security guidelines were brought more into line with operational reality, while awareness of information security grew throughout the company. The company benefited from a fully integrated approach based on operational implementation experience, which strengthened internal processes in the long term.
"Working with COCUS was the right decision for us, as we didn't want to burden our internal team with additional tasks. This allowed us to focus fully on our core business while ensuring that we met our customers' requirements in the shortest possible time. It was particularly valuable for us that our team was completely relieved of the extensive bureaucratic and formal requirements surrounding TISAX and did not have to familiarize itself with these complex issues first. COCUS' structured and practical approach helped us to implement the TISAX preparation efficiently and with clear results."
Andreas Höppener
CTO/ISO, pacemaker.ai
COCUS as a partner for successful TISAX® preparation
COCUS’s IT infrastructure and consulting services are themselves ISO 27001 certified. In addition, COCUS successfully renewed its own TISAX® certification in 2025 and knows exactly what matters in the audit process and how companies can prepare effectively. That is why we support companies on their path to TISAX® preparation.
COCUS supports organizations throughout the entire TISAX® journey, from initial needs assessment and defining the right label and assessment level, to conducting gap analyses, supporting self-assessments, optimizing the ISMS, and preparing for the audit.
Beyond the certification project, COCUS ensures sustainable information security. Since a TISAX® label is valid for three years, COCUS helps clients stabilize processes and continuously prepare for the next audit cycle.
A higher, verified level of security not only builds trust but also opens doors to new business opportunities in the automotive industry.
Compliance as an investment in a secure future
For pacemaker.ai, working with COCUS not only meant structured preparation for certification, but also the expansion of its internal security expertise, which will strengthen the company in the long term. The project underscores that TISAX® is not just a compliance task, but a lever for quality and security.
A successful TISAX® assessment goes beyond obtaining a label: it shows partners and clients that information security is not just a concept, but a lived practice which creates confidence and enables future collaboration.
TISAX is a registered trademark and governed by ENX Association.
https://enx.com/tisax
