Blog Security GitLab drives automotive industry information security with TISAX certification
Published on: January 30, 2024
3 min read

GitLab drives automotive industry information security with TISAX certification

Learn why we pursued this certification and how it will help GitLab customers in the automotive industry.

speed - roadway - cover

The automotive industry is faced with unique challenges in today's digital age. Cars are no longer just modes of transportation; they also provide entertainment options, computer-like functionality, location tracking, WiFi, and the like. As such, the automotive industry is tasked with the same challenges as other industries, including ensuring data security, agile collaboration, and streamlined development processes. And GitLab is here to help as a Trusted Information Security Assessment Exchange (TISAX) certified organization.

Here at GitLab, Results for Customers is a core value and we “exist to help customers achieve more." Our customers requested that we pursue the TISAX certification, which is an industry standard for the European automotive industry.

What is TISAX?

TISAX is an assessment and exchange mechanism that provides the proof customers need that a company complies with requirements outlined in the Information Security Assessment (ISA). General ISA coverage categories include:

  • Assessment Level 1: ISA questionnaire and published self-assessment
  • Assessment Level 2: ISA questionnaire, published self-assessment and third-party review and certification from an approved third party provider
  • Assessment Level 3: ISA questionnaire, published self-assessment and third-party review and certification from an approved third party provider via an on-site inspection

There are also objective categories within each assessment level such as:

  • Info high: Assessment Level (AL)2
  • Info very high: AL3
  • Data: AL2
  • Special Data: AL3

As GitLab is all remote, AL2 was the highest level applicable to our organization.

How is TISAX applicable to GitLab’s DevSecOps platform?

GitLab is committed to maintaining and expanding security certifications and attestations to support information security. Our mission is to make it so that everyone can contribute. TISAX was an applicable certification expansion as the initial inquiries were received from new and existing customers (contributions!). There was strong alignment with our existing security certifications and attestations and our commitment to information security via our Information Security Management System (ISMS). The scope of our ISMS includes customer data, software, people, and internal information assets to host, operate and support GitLab SaaS subscriptions: GitLab.com and GitLab Dedicated.

Through the ISMS, we look at various aspects of our DevSecOps platform to provide a high level of assurance that our information security policies, standards and procedures, operations, and performance align with customer challenges to deliver software faster, built-in security, regulatory compliance, and much more.

With our TISAX Assessment Level 2 - High availability and protection certification, we have demonstrated our unwavering commitment to providing our automotive customers with a secure, reliable, and efficient DevSecOps platform.

Please contact our sales team today to learn more and to get started with GitLab today.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert