Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Cybersecurity Assessment Services

TISAX®

Using a comprehensive approach to security management, TISAX® is a critical industry standard for information security in the automotive sector that can help your organization prove your commitment to security and compliance so you can build trust with your customers and partners.

Contact a Specialist

Enabling Transparency and Trust in the Automotive Industry

In response to the growing problem of a surplus of audits and various customer requirements, the ENX Association launched TISAX® as a new security solution for the automotive industry. Developed in collaboration with leading automotive manufacturers and suppliers, this industry-wide auditing standard is meant to help participants build a trusted and widely accepted information security program.

A TISAX® Assessment Could Help You…

The ENX Network provides organizations with the chance to create new business connections through an open, industry-focused forum. Being granted a TISAX® Label improves your reputation within the network where those results can be shared, allowing for increased opportunities for new business ventures. TISAX® Labels are consistent across organizations, allowing for common recognition and trusted results.
https://www.schellman.com/hubfs/due-diligence-1.png

Achieve Cost-Effective Security and Compliance

https://www.schellman.com/hubfs/competitive.png

Realize Further Financial Gains and Business Opportunities

https://www.schellman.com/hubfs/meet-compliance-requirements.png

Provide Third-Party Validation of Your ISMS

https://www.schellman.com/hubfs/competitive-advantage.svg

Gain a Competitive Advantage in the Market

Determine Your TISAX® Assessment By Choosing Your Objectives

In getting started with TISAX, you’ll need to register in the ENX Portal, and as part of that process, you’ll determine your assessment scope by choosing your TISAX assessment objectives and sites/locations to be assessed.
No.
ISA Criteria Catalogue
TISAX® Assessment Objective
Assessment Level

1

Information Security

Handling of information with high protection needs

AL2

2

Information Security

High Availability

AL2

3

Information Security

Handling of information with very high protection needs

AL3

4

Information Security

Very High Availability

AL3

5

Prototype Protection

Protection of prototype parts and components

AL3

6

Prototype Protection

Protection of prototype vehicles

AL3

7

Prototype Protection

Handling of test vehicles

AL3

8

Prototype Protection

Protection of prototypes during events and film or photo shoots

AL3

9

Data Protection

Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)

AL2

10

Data Protection

Data protection with special categories of personal data According to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)

AL3

Number 1
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with high protection needs
  • Assessment Level (AL): AL 2
Number 2
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: High Availability
  • Assessment Level (AL): AL 2
Number 3
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with very high protection needs
  • Assessment Level (AL): AL 3
Number 4
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Very High Availability
  • Assessment Level (AL): AL 3
Number 5
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype parts and components
  • Assessment Level (AL): AL 3
Number 6
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype vehicles
  • Assessment Level (AL): AL 3
Number 7
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Handling of test vehicles
  • Assessment Level (AL): AL 3
Number 8
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototypes during events and film or photo shoots
  • Assessment Level (AL): AL 3
Number 9
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 2
Number 10
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection with special categories of personal data according to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 3

Your TISAX® Assessment Options

Your chosen TISAX® objectives will determine your corresponding Assessment Level. Our team provides all three TISAX® solutions that evaluate the level of implementation of your ISMS: 
  • Assessment Level 1 You’ll complete a self-assessment and while your auditor will confirm your completion of such, they will not review evidence or documentation.
    *This assessment is not eligible for a TISAX® Label.
  • Assessment Level 2 You’ll complete a self-assessment which will be followed by a plausibility check by an auditor. That process includes inquiries and a documentation review, and may be done remotely.
  • Assessment Level 3 You’ll complete a self-assessment before your auditor performs a comprehensive verification—a procedure that includes a documentation review, interviews with process owners, and observation of local conditions and execution of processes, which is all performed on-site.

Disclaimer: Schellman is provisionally approved to perform TISAX® assessments pending witness audits with ENX Association.
TISAX® is a registered trademark of ENX Association.

Meet Your TISAX® Expert,
Jay Imszennik

Jay Imszennik is a Director at Schellman. Jay has more than 15 years of experience in the information technology field, with a focus on security compliance, attestation, and other advisory services related to information security risk management and control implementation.

Meet Jay Contact a Specialist

jay-imszennik-profile

Contact a Specialist

Jay Imszennik

Jay Imszennik is a Director at Schellman. Jay has more than 15 years of experience in the information technology field, with a focus on security compliance, attestation, and other advisory services related to information security risk management and control implementation.

Meet Jay Contact Us

jay-imszennik-profile

Schellman’s TISAX® Methodology

Schellman is the first U.S.-based audit provider on track to be approved by the ENX Association as a TISAX Audit Provider. Our approach to AL2 and AL3 TISAX® assessments can be broken into four phases:
Image

1. Pre-Engagement

After you register with TISAX®, answer the scoping information, and determine which assessment level you need, we’ll review that information to prepare the resources needed to complete the assessment.

Image

2. Information Gathering and Self-Assessment (Phase One)

We will provide an audit plan and information request list for the initial assessmentYou will electronically submit your responses to the Self-Assessment (VDA ISA) according to the maturity model and we’ll then perform a remote review of your Self-Assessment.

Image

3. Plausibility/Verification Check (Phase Two)

You will electronically submit any revisions to the self-assessment and the supporting documentation requests based on the information request list, which we will then review in detail.

We will meet with ISMS and control owners for either the plausibility check (AL2/remote) or the comprehensive verification check (AL3/onsite)—depending on which assessment you’re undergoing. 

Image

4. Final Reporting

Our review of your materials will yield a result of either “conform” or “non-conform” within a detailed assessment report that includes identified areas of non-compliance, observations, and opportunities for improvement.

If you receive a result of “conform”, you will be issued TISAX® Label(s) according to your assessment objectives issued via the TISAX® Platform.

If your assessment result is instead “non-conform,” you’ll need to take further steps involving corrective action plans and/or a follow-up assessment to validate remediation efforts for areas of non-compliance, before a TISAX® Label(s) can be issued.