The automotive industry is faced with unique challenges in today's digital age. Cars are no longer just modes of transportation; they also provide entertainment options, computer-like functionality, location tracking, WiFi, and the like. As such, the automotive industry is tasked with the same challenges as other industries, including ensuring data security, agile collaboration, and streamlined development processes. And GitLab is here to help as a Trusted Information Security Assessment Exchange (TISAX) certified organization.

Here at GitLab, Results for Customers is a core value and we “exist to help customers achieve more." Our customers requested that we pursue the TISAX certification, which is an industry standard for the European automotive industry.

What is TISAX?

TISAX is an assessment and exchange mechanism that provides the proof customers need that a company complies with requirements outlined in the Information Security Assessment (ISA). General ISA coverage categories include:

Assessment Level 1: ISA questionnaire and published self-assessment

Assessment Level 2: ISA questionnaire, published self-assessment and third-party review and certification from an approved third party provider

Assessment Level 3: ISA questionnaire, published self-assessment and third-party review and certification from an approved third party provider via an on-site inspection

There are also objective categories within each assessment level such as:

Info high: Assessment Level (AL)2

Info very high: AL3

Data: AL2

Special Data: AL3

As GitLab is all remote, AL2 was the highest level applicable to our organization.

How is TISAX applicable to GitLab’s DevSecOps platform?

GitLab is committed to maintaining and expanding security certifications and attestations to support information security. Our mission is to make it so that everyone can contribute. TISAX was an applicable certification expansion as the initial inquiries were received from new and existing customers (contributions!). There was strong alignment with our existing security certifications and attestations and our commitment to information security via our Information Security Management System (ISMS). The scope of our ISMS includes customer data, software, people, and internal information assets to host, operate and support GitLab SaaS subscriptions: GitLab.com and GitLab Dedicated.

Through the ISMS, we look at various aspects of our DevSecOps platform to provide a high level of assurance that our information security policies, standards and procedures, operations, and performance align with customer challenges to deliver software faster, built-in security, regulatory compliance, and much more.

With our TISAX Assessment Level 2 - High availability and protection certification, we have demonstrated our unwavering commitment to providing our automotive customers with a secure, reliable, and efficient DevSecOps platform.