Sign In
Automotive · TISAX · VDA-ISA

Tooling data.OEM correspondence.With TISAX context.

SecureFiles and MailGuard for automotive suppliers and Tier-1/Tier-2 manufacturers with TISAX and VDA-ISA context. EU hosting, modular by function. As of 2026.

Request a demoSecureFiles in detail
At a glanceAs of 2026

TISAX measures without a TISAX surcharge.

  • Tooling data via FTP or file hosterSecureFiles with retention per project
  • OEM phishing from forged domainsBEC and URL-reputation layer at the inbox
  • TISAX audit without measure mappingMeasures auditably documented
SecureFiles for tooling data and OEM bundles, MailGuard for OEM correspondence. TISAX measures auditably documented, EU hosting on ISO-27001 infrastructure.
Right for you if:Tier-1 and Tier-2 suppliersTooling and engineering dataTISAX maturity
100 %
EU hosting
TISAX
context
VDA-ISA
mapping
30 min.
Setup per tenant

Compliance anchors

TISAX information securityVDA-ISA catalogueIATF 16949 data securityOEM supplier requirements

Conbool supports TISAX and VDA-ISA measures at the mail and data layer. TISAX maturity rating is determined by the audit house based on the supplier setup; Conbool documents the measures auditably.

Four building blocks for the supplier.

SecureFiles for tooling data, MailGuard against OEM phishing, SecureMail for contracts and audits, Disclaimer for required disclosures.

SecureFiles

SecureFiles

Tooling data, engineering bundles and OEM deliveries as a direct line with retention per project.

SecureFiles in detail
MailGuard

MailGuard

BEC, forged OEM domains and attachment protection for plant, sales and purchasing inboxes.

MailGuard in detail
SecureMail

SecureMail

Encrypted correspondence to OEMs, auditors and counsel.

SecureMail in detail
Disclaimer

Disclaimer

Per-plant and per-brand disclosures server-side.

Disclaimer in detail
Typical workflows

Four scenarios from a supplier.

From tooling to the TISAX audit.

1

Send tooling data to OEMs

Tooling and engineering data as a bundle via SecureFiles, with retention per project and audit log per access.

2

Catch OEM phishing

Forged OEM domains trying to change bank or delivery details are blocked by MailGuard at the authentication layer.

3

Audit preparation

Audit log per GDPR Art. 30 as evidence in the TISAX audit.

4

Plant-floor IP protection

SecureFiles with retention policies per project and tool.

Architecture

Office IT for plants and HQ.

Conbool sits in front of Microsoft 365. CAD, PLM and ERP remain unchanged. OT networks stay separated.

MX switch

Inbound SMTP runs through Conbool, M365 stays the back-end.

OT separation

Conbool does not interact with OT or plant-control networks.

Outlook add-in

Classic, New and Web with no end-user setup.

Coexistence

Conbool coexists with common ERP, PLM and CAD systems via Outlook and SMTP.

Compliance mapping

TISAX and VDA-ISA in technical terms.

TISAX assesses information security per the VDA-ISA catalogue. Conbool covers several controls at the mail and data layer.

Confidentiality

End-to-end encryption in SecureMail and SecureFiles.

Integrity

DMARC-aligned outbound identity, tamper protection in the audit log.

Availability

Multi-stage filter and backpressure protection layers.

Maturity evidence

Audit log per GDPR Art. 30 as evidence for TISAX maturity levels.

Migration

Pilot in one plant, then group rollout.

Pilot in one plant or subsidiary, then group rollout via the Microsoft admin centre.

Pilot

One plant or subsidiary starts, the rest stays unchanged.

Group rollout

Outlook add-in for all office staff via the admin centre.

OEM onboarding

SecureFiles lanes to OEM recipients set up per project.

Legacy sunset

Existing file hosters and FTP paths run in parallel and are replaced step by step.

Frequently asked questions

How does Conbool fit TISAX?
TISAX assesses information security per the VDA-ISA catalogue. Conbool supports several controls at the mail and data layer. Maturity rating is determined by the audit house based on the supplier setup.
What about VDA-ISA?
Conbool covers measures from several chapters of the VDA-ISA catalogue, in particular around information security and data exchange in the supply chain.
Can we send tooling data uncompressed?
Yes. SecureFiles accepts large bundles without a hard per-file size cap. Tooling data and engineering bundles flow directly from plant to OEM.
What about IATF 16949?
Conbool supports the required protections for data in the supply chain through encryption, audit log and EU hosting. IATF-specific requirements are assessed by the audit house.
What does Conbool cost for suppliers?
Modular per function and per mailbox. Concrete pricing on request, depending on headcount and modules.
Can we represent multi-plant structures?
Yes. Conbool supports multi-tenant setups or one central tenant for the corporate group.
How does this fit OEM supplier requirements?
Conbool documents the measures auditably so that they can flow into OEM self-assessments and supplier scorecards.

Verwandte Lösungen

WeTransfer-Alternative

DSGVO-konformer Dateiversand aus der EU, ohne CLOUD-Act-Risiko.

Cryptshare-Alternative

Modulare deutsche Alternative mit echtem Zero-Knowledge.

FTP-Alternative

Sicherer Dateitransfer statt FTP — Outlook-Add-in, Audit-Log, NIS-2.

DSGVO-konformer Dateiversand

Verschlüsselter Dateiversand nach Art. 32 DSGVO und NIS-2.

Sicherer Posteingang

Dateien sicher empfangen — persönlicher Upload-Link für Externe.

Große Dateien per Outlook

Outlook-Anhang zu groß? Direkt aus Outlook verschlüsselt versenden.

Verwandte Branchen

Conbool ist in benachbarten Branchen mit ähnlichem Compliance-Profil im Einsatz.

Maschinenbau & Industrie

TISAX und Konstruktionsdaten beim Mittelstands-Zulieferer mit OEM-Audit.

Versicherungen

KFZ-Schadenmeldung, Produkthaftung und Rückrufmanagement gegenüber Versicherern.

Pharma & MedTech

Hersteller-Compliance mit GxP, ISO-Audits und qualifizierten Lieferanten-Audits.

A TISAX-fit stack for the supplier.

Demo in 30 minutes. Pilot in one plant. Modular by function.

Request a demoSecureFiles in detail

Sources and date

Statements about TISAX and VDA-ISA are based on the publications of the German Association of the Automotive Industry (VDA) and the ENX Association in their respective version. Statements about IATF 16949 are based on the standard in its respective version. Statements about GDPR are based on Regulation (EU) 2016/679. As of 2026.

TISAX is a trademark of the ENX Association. VDA is a designation of the German Association of the Automotive Industry. Microsoft, Microsoft 365 and Outlook are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.