TISAX® Assessments: How is the audit carried out?

TISAX® assessments are always full audits, which means that all controls from each relevant area are checked.

The figure shows the principle behind the assessment procedure:

The extent and duration of the audit as part of the TISAX® assessment process vary depending on the specified scope and the intended assessment objective. The applicable assessment method is then derived from:

Assessment level 2

Document based assessment – The classic assessment level 2 is the auditing of all relevant assessment points in accordance with TISAX® specifications, based on documents and other suitable records. In part 1 a plausibility check of the submitted documentation of evidences is done. If this is successful a supplemental telephone interview or web conference with the auditee takes place in part 2.  

Remote assessment - In particular due to the Corona crisis, we additionally offer in coordination with ENX remote assessments. All relevant assessment points are checked based on documents and other suitable records, but without on-site visit. Afterwards multi-part telephone interviews / web conferences with the auditee take place in almost the same level of detail as on-site

Assessment level 3

Assessment level 3 is an on-site assessment, all relevant assessment points in accordance with the TISAX® specifications are audited on the client's premises/on-site at the client. Here, the primary focus is on checking whether necessary information security processes have been implemented. For this purpose, documentation and guidelines are inspected on-site and assessed, and interviews are carried out. There is also a tour round the premises to assess physical security.

Together with ENX we arranged procedures of TISAX® audits allowing TISAX® assessments even if the physical presence is currently only possible to a limited extent or not at all.

TISAX® is a registered trademark of the ENX Association.