No. | ISA Criteria Catalogue | TISAX® Assessment Objective | Assessment Level |
---|---|---|---|
1 | Information Security | Handling of information with high protection needs | AL2 |
2 | Information Security | High Availability | AL2 |
3 | Information Security | Handling of information with very high protection needs | AL3 |
4 | Information Security | Very High Availability | AL3 |
5 | Prototype Protection | Protection of prototype parts and components | AL3 |
6 | Prototype Protection | Protection of prototype vehicles | AL3 |
7 | Prototype Protection | Handling of test vehicles | AL3 |
8 | Prototype Protection | Protection of prototypes during events and film or photo shoots | AL3 |
9 | Data Protection | Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR) | AL2 |
10 | Data Protection | Data protection with special categories of personal data According to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR) | AL3 |
Disclaimer: Schellman is provisionally approved to perform TISAX® assessments pending witness audits with ENX Association.
TISAX® is a registered trademark of ENX Association.
Jay Imszennik is a Director at Schellman. Jay has more than 15 years of experience in the information technology field, with a focus on security compliance, attestation, and other advisory services related to information security risk management and control implementation.
After you register with TISAX®, provide the scoping information, and determine which assessment level you need, we’ll review that information to prepare the resources needed to complete the assessment.
We will provide an audit plan and information request list for the initial assessment. You will electronically submit your responses to the Self-Assessment (VDA ISA) according to the maturity model and we’ll then perform a remote review of your Self-Assessment.
You will electronically submit any revisions to the self-assessment and the supporting documentation requests based on the information request list, which we will then review in detail.
We will meet with ISMS and control owners for either the plausibility check (AL2/remote) or the comprehensive verification check (AL3/onsite)—depending on which assessment you’re undergoing.
Our review of your materials will yield a result of either “conform” or “non-conform” within a detailed assessment report that includes identified areas of non-compliance, observations, and opportunities for improvement.
If you receive a result of “conform”, you will be issued TISAX® Label(s) according to your assessment objectives via the TISAX® Platform.
If your assessment result is instead “non-conform,” you’ll need to take further steps involving corrective action plans and/or a follow-up assessment to validate remediation efforts for areas of non-compliance before TISAX® Label(s) can be issued.