Simplified process for corporate groups - the group assessment
TISAX® provides a simplified process for assessing information security for corporate groups. The aim is to reduce the outlay required for the audited content if many different sites are involved. However, the process is only based on the basic assessment of the level of information security; prototypes or similar are not covered.
Preconditions for using the process
The corporate group has a highly developed ISMS which contains the entire scope of the audit, i.e. the requirements of VDA ISA 3.0 are reflected in the ISMS.
The ISMS is organized centrally and there are highly developed and mature internal mechanisms for tracking audits, incidents, and weak points, and central reporting mechanisms.
Basic audit process
- Phase 1: Intensive audit in the company's main office
- Phase 2: Random inspections at several locations (number is based on the total number of sites)
- Phase 3: Simplified auditing at the other sites
- Phase 4 (optional): Other sites within the corporate group are named and benefit from the simplified assessment
If the above requirements are met, we recommend the use of a group assessment if the company has around 7 sites or more.
We willingly outline the process to you in a web conference and answer any questions you may have. We will also support you in classifying your sites according to the applicable audit type. On the basis of this, together we can develop the perfect plan for carrying out the assessment and evaluate the financial and time outlay required.
Ask us for more information!
TISAX® is a registered trademark of the ENX Association.