Guide

8 steps to the label for TISAX®: your roadmap for implementation

Approach the assessment on TISAX® in a pragmatic way

Find out how to organise your team, what the necessary deliverables are for each step, and the estimated timeframe to expect.

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

This guide includes:

  • A breakdown of the individual steps on the road to a successful assessment on TISAX®
  • The results and goals you should strive for in your assessment 
  • The deliverables to be produced at each step 
  • Estimated times per step, based on our experience working with companies like yours
Look Inside TISAX Implementation Roadmap - UK 3-1
Look Inside TISAX Implementation Roadmap - UK 1
Look Inside TISAX Implementation Roadmap - UK 2-1

ROADMAP FOR CERTIFICATION ON TISAX®

As the digital landscape evolves, the need for robust information security measures has become increasingly paramount. TISAX® (Trusted Information Security Assessment Exchange) has emerged as a pivotal platform, particularly within the automotive industry, to ensure that organisations meet stringent information security requirements. Derived from ISO 27001, TISAX® serves as a comprehensive catalogue of criteria and questions for information security, encompassing general information security, prototype protection, and data protection.

Join us on this journey to fortify your organisation's information security posture and gain invaluable insights into the world of certification on TISAX®.

8-Tips-for-certification-on-ISo-27001-_-TISAX®_THUMB

In order to be able to play the desired video, you agree that a connection to the servers of YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA is established. This transmits personal data (device and browser information (in particular the IP address and operating system) to the operator of the portal for usage analysis. 

You can find more information about the handling of your personal data in our privacy policy. 

8 steps to certification

From initial education and assessment to the final certification audit, each phase plays a crucial role in successfully implementing an Information Security Management System (ISMS).

Step 1: Complete gap analysis questionnaire

To build your ISMS or review an existing one, we first need to understand what information assets your business is trying to protect and what documentation (policies, processes, procedures) exist today which can be repurposed and adapted to form part of your ISMS. We run this discovery process through our platform, where you can answer the comprehensive questionnaires which cover all chapters of the Information Security Management System (ISMS). Simply answer them at your own pace.

Deliverables: A report outlining your biggest process gaps & risks

 

Step 2: Project plan

Off the back of the gap analysis, you and your expert will create a set of tasks to work on in the coming days and weeks. Our platform also generates a set of recommendations based on the gaps in your information security, which will be automatically available as tasks for you. You prioritise the tasks and assign them to relevant owners. Your DataGuard expert is there to provide you with more clarity to recommendations and will also work on a joint action plan.

Deliverables: Clear next steps to prepare for TISAX®, plus a joint action plan

 

Step 3: Asset management

Our platform enables you to track and classify all information assets according to the level of protection needed and assess associated risk for each asset. Your assets can be imported from a CSV file and easily maintained by adding and deleting assets. If you can provide evidence of this centralised and standardised documentation for all of your company's databases, nothing stands in the way of your certification on TISAX®.

Deliverables: A living record of all company assets established

 

Step 4: Risk management

Using inputs from the gap analysis and asset inventory, our risk management feature will create a risk map which gives your team a complete overview of your risks and vulnerabilities. Our experts help you interpret these risks and define the appropriate response your business should take (e.g., not having a business continuity and disaster recovery plan in place).

Deliverables: A visual overview of your biggest risks and vulnerabilities so that your team can prioritise what to tackle next.

Express lane towards TISAX®


Get ready for your certification on TISAX® in as little as 3 months 

Dataguard TISAX Certificate

Step 5: ISMS documentation

The Documentation dashboard is the centralised location for all your ISMS documents and policies. Easily upload any existing documents and generate others via questionnaires or readymade templates. To generate policies, answer some questionnaires, and our platform will automatically generate the mandatory policies necessary for the audit. Your DataGuard infosec expert reviews all documentation to ensure they meet the requirements to comply with TISAX®.

Deliverables: Establishing all ISMS documentation & policies for your audit for TISAX®

 

Step 6: Internal audit

An internal audit of your ISMS is prepared and executed by our information security experts over two days of workshops. Our platform generates Internal Audit Protocols for every chapter of the ISMS. DataGuard will drive this step alongside the management review; your team will merely need to facilitate it.

Deliverables: Audit review protocols created, which is a prerequisite for the audit

newsletter-image-cta-700

Secure your success.

Subscribe for actionable expert advice! 

Join 3,000+ business leaders who stay ahead of the curve with our monthly information security newsletter. 

I am aware that I can withdraw my consent at any time by sending an informal email to dpo@dataguard.de. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Further information on the handling of your personal data can be found in our Privacy Policy.
By clicking submit below, you consent to allow DataGuard to store and process the personal information submitted above to provide you the content requested.

Step 7: Management review

This is a meeting where you will discuss and review the most relevant ISMS topics with the leadership team and other ISMS stakeholders who can give important feedback and inputs. Our platform generates a Management Review Protocol, along with meeting notes and minutes.

Deliverables: Management review protocols created, which is a prerequisite for the audit

 

Step 8: External audit and certification

At this point, our platform is your living ISMS, providing proof of your processes, policies and risk management for the external auditor. Your DataGuard expert supports the process by guiding you on which auditing body to select. We are well-versed in the process, so we will be able to give you step-by-step assistance and guidance to avoid common pitfalls.

Deliverables: Certification Audit Preparation Plan, Corrective Action Plans for Non-Conformities

 

Do you have unanswered questions regarding the process for the certification on TISAX®? Don't hesitate to reach out to us for a free consultation.

Join 4,000+ companies who are driving their security and compliance objectives with DataGuard

Volki Logo
Mask group
Freenow Logo
Auto-Kabel-Logo
Heyjobs Logo
Lebara Logo
Emitec Logo
LifeLink Logo
Volki Logo
Mask group
Freenow Logo
Auto-Kabel-Logo
Heyjobs Logo
Lebara Logo
Emitec Logo
LifeLink Logo

How can we help?Contact us.

(089) 8967 551 000
dg_seal_iso_2-0-3
dg_seal_tisax_2-0-3
dg_seal_gdpr_2-0-3

Products

Platform

Frameworks

Solutions

Resources

Company

English

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide Software-as-a-Service and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

All data provided is for information only, based on internal estimates. This information is not indicative of KPIs, and is not given with any warranties or guarantees, expressly stated or implied in relation to accuracy and reliability.