TISAX® audit: Assessment process

Step 1  Definition

Define the intended TISAX® label (by OEM): locations, protection level, additional modules.

Step 2    TISAX® registration

You register your company as a participant on the TISAX® platform. You get a scope-ID and assign an audit provider to carry out the TISAX® audit. In a joint preliminary discussion we may verify the applicable assessment level as well as the scope of the assessment, answer your questions, go through the TISAX® requirements and your further options.

Step 3    Initial assessment

The auditor holds a kick-off conference call with you, explaining the procedure as well as any other important points. You receive the relevant questionnaires to complete and compile additional evidence. An assessment date is jointly agreed. The auditor carries out the information security assessment, the TISAX® audit, based on documents, remote or on-site and compiles the assessment report. If no vulnerabilities were identified, you will get your TISAX® label here.

Step 4    Corrective action plan assessment

In case of findings the auditee may provide a measures plan with due dates to fix the vulnerabilities. The auditor assesses this plan supplementing the assessment report.

Step 5    Implementation

You implement the measures in order to fix the findings within agreed due dates and prepare a documentation of evidences.

Step 6    Follow-up assessment

The auditor assesses the evidences based on documents or on-site and updates the assessment report. The TISAX® label will be granted, the TISAX® assessment is closed. The achieved label is reported to the TISAX® platform. You decide with whom you share your TISAX® label.


TISAX® is a registered trademark of the ENX Association.