In a nutshell: TISAX certifications are often delayed by inadequate preparation and lack of backup-restore testing before the audit even begins.
VDA-ISA audits for TISAX certification frequently fail before the actual audit date because fundamental security requirements are not met. Unclear data classification and untested backup processes are among the main causes of certification delays.
Preparation for TISAX audits according to VDA-ISA-6 standard determines even before the official audit whether certification is realistic. Automotive industry companies and their suppliers must proceed in a structured manner to avoid failing on preventable deficits.
The most common causes of delay include insufficiently documented data classification schemas, missing or inadequately tested backup and restore processes, and gaps in access control and identity management. These are requirements that must be addressed long before the audit and cannot be remedied in a few weeks.
For CISOs, this means: audit preparation requires a systematic review of governance documentation, an inventory of actually implemented technical controls, and a validation test run of critical recovery processes. Only when these foundations are solid should the audit application be submitted.
Source: www.security-insider.de · Published 9 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.