Simplified process for corporate groups - the TISAX® Group Assessment

TISAX® provides a simplified process for assessing information security for corporate groups. The aim is to reduce the outlay required for the audited content if many different sites are involved - one of the numerous advantages of a TISAX® assessment. However, the process is only based on the basic assessment of information security with the corresponding TISAX® requirements; prototypes or similar are not covered.

    Preconditions for using the process

In the TISAX® group assessment the corporate group has to prove a highly developed ISMS which contains the entire scope of the audit, i.e. the requirements of VDA ISA are reflected in the ISMS.

The ISMS is organized centrally and there are highly developed and mature internal mechanisms for tracking audits, incidents, and weak points, and central reporting mechanisms.

    Basic audit process for a TISAX® Group Assessment
  • Phase 1: Intensive audit in the company's main office
  • Phase 2: Random inspections at several locations (number is based on the total number of sites)
  • Phase 3: Simplified auditing at the other sites
  • Phase 4 (optional): Other sites within the corporate group are named and benefit from the simplified assessment

If the above requirements are met, we recommend the use of a group assessment if the company has around 7 sites or more.

We willingly outline the process to you in a web conference and answer any questions you may have. We will also support you in classifying your sites according to the applicable audit type. On the basis of this, together we can develop the perfect plan for carrying out the assessment and evaluate the financial and time outlay required.

Ask us for more information!


TISAX® is a registered trademark of the ENX Association.