How is the assessment carried out?
TISAX® assessments are always full audits, which means that all controls from each relevant area are checked.
The figure shows the principle behind the assessment procedure:
The extent and duration of the audit vary depending on the specified scope and the assessment label being aimed for. The applicable assessment method is then derived from:
Document based assessment /
Document based assessment with on-site inspection
An document based assessment based is the auditing of all relevant assessment points in accordance with TISAXÂ® specifications, based on documents and other suitable records. In addition to this, there is a telephone interview or web conference with the client. For a document based assessment with an on-site inspection, instead of a telephone interview, the information specified is verified directly at the client's premises.
The on-site assessment is the auditing of all relevant assessment points in accordance with TISAXÂ® specifications on the client's premises/on-site at the client.
Here, the primary focus is on checking whether necessary information security processes have been implemented. For this purpose, documentation and guidelines are inspected on-site and assessed, and interviews are carried out. There is also a tour round the premises to assess physical security.
TISAX® is a registered trademark of the ENX Association.