866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

TISAX®

Using a comprehensive approach to security management, TISAX® is a critical industry standard for information security in the automotive sector that can help your organization prove your commitment to security and compliance so you can build trust with your customers and partners.

Contact a Specialist

Enabling Transparency and Trust in the Automotive Industry

In response to the growing problem of a surplus of audits and various customer requirements, the ENX Association launched TISAX® as a new security solution for the automotive industry. Developed in collaboration with leading automotive manufacturers and suppliers, this industry-wide auditing standard is meant to help participants build a trusted and widely accepted information security program.

A TISAX® Assessment Could Help You…

The ENX Network provides organizations with the chance to create new business connections through an open, industry-focused forum. Being granted a TISAX® Label improves your reputation within the network where those results can be shared, allowing for increased opportunities for new business ventures. TISAX® Labels are consistent across organizations, allowing for common recognition and trusted results.
https://www.schellman.com/hubfs/due-diligence-1.png

Achieve Cost-Effective Security and Compliance

https://www.schellman.com/hubfs/competitive.png

Realize Further Financial Gains and Business Opportunities

https://www.schellman.com/hubfs/meet-compliance-requirements.png

Provide Third-Party Validation of Your ISMS

https://www.schellman.com/hubfs/competitive-advantage.svg

Gain a Competitive Advantage in the Market

Determine Your TISAX® Assessment By Choosing Your Objectives

In getting started with TISAX, you’ll need to register in the ENX Portal, and as part of that process, you’ll determine your assessment scope by choosing your TISAX assessment objectives and sites/locations to be assessed.
No.
ISA Criteria Catalogue
TISAX® Assessment Objective
Assessment Level

1

Information Security

Handling of information with high protection needs

AL2

2

Information Security

High Availability

AL2

3

Information Security

Handling of information with very high protection needs

AL3

4

Information Security

Very High Availability

AL3

5

Prototype Protection

Protection of prototype parts and components

AL3

6

Prototype Protection

Protection of prototype vehicles

AL3

7

Prototype Protection

Handling of test vehicles

AL3

8

Prototype Protection

Protection of prototypes during events and film or photo shoots

AL3

9

Data Protection

Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)

AL2

10

Data Protection

Data protection with special categories of personal data According to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)

AL3
Number 1
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with high protection needs
  • Assessment Level (AL): AL 2
Number 2
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: High Availability
  • Assessment Level (AL): AL 2
Number 3
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with very high protection needs
  • Assessment Level (AL): AL 3
Number 4
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Very High Availability
  • Assessment Level (AL): AL 3
Number 5
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype parts and components
  • Assessment Level (AL): AL 3
Number 6
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype vehicles
  • Assessment Level (AL): AL 3
Number 7
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Handling of test vehicles
  • Assessment Level (AL): AL 3
Number 8
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototypes during events and film or photo shoots
  • Assessment Level (AL): AL 3
Number 9
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 2
Number 10
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection with special categories of personal data according to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 3

Your TISAX® Assessment Options

Your chosen TISAX® objectives will determine your corresponding Assessment Level. Our team provides all three TISAX® solutions that evaluate the level of implementation of your ISMS: 
  • Assessment Level 1 You’ll complete a self-assessment and while your auditor will confirm your completion of such, they will not review evidence or documentation.
    *This assessment is not eligible for a TISAX® Label.
  • Assessment Level 2 You’ll complete a self-assessment which will be followed by a plausibility check by an auditor. That process includes inquiries and a documentation review, and may be done remotely.
  • Assessment Level 3 You’ll complete a self-assessment before your auditor performs a comprehensive verification—a procedure that includes a documentation review, interviews with process owners, and observation of local conditions and execution of processes, which is all performed on-site.

Disclaimer: Schellman is provisionally approved to perform TISAX® assessments pending witness audits with ENX Association.
TISAX® is a registered trademark of ENX Association.

Meet Your TISAX® Expert,
Jay Imszennik

Jay Imszennik is a Director at Schellman. Jay has more than 15 years of experience in the information technology field, with a focus on security compliance, attestation, and other advisory services related to information security risk management and control implementation.

Meet Jay Contact a Specialist

Schellman’s TISAX® Methodology

Schellman is the first U.S.-based audit provider on track to be approved by the ENX Association as a TISAX Audit Provider. Our approach to AL2 and AL3 TISAX® assessments can be broken into four phases:
Image

1. Pre-Engagement

After you register with TISAX®, answer the scoping information, and determine which assessment level you need, we’ll review that information to prepare the resources needed to complete the assessment.

Image

2. Information Gathering and Self-Assessment (Phase One)

We will provide an audit plan and information request list for the initial assessmentYou will electronically submit your responses to the Self-Assessment (VDA ISA) according to the maturity model and we’ll then perform a remote review of your Self-Assessment.

Image

3. Plausibility/Verification Check (Phase Two)

You will electronically submit any revisions to the self-assessment and the supporting documentation requests based on the information request list, which we will then review in detail.

We will meet with ISMS and control owners for either the plausibility check (AL2/remote) or the comprehensive verification check (AL3/onsite)—depending on which assessment you’re undergoing. 

Image

4. Final Reporting

Our review of your materials will yield a result of either “conform” or “non-conform” within a detailed assessment report that includes identified areas of non-compliance, observations, and opportunities for improvement.

If you receive a result of “conform”, you will be issued TISAX® Label(s) according to your assessment objectives issued via the TISAX® Platform.

If your assessment result is instead “non-conform,” you’ll need to take further steps involving corrective action plans and/or a follow-up assessment to validate remediation efforts for areas of non-compliance, before a TISAX® Label(s) can be issued.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.