TISAX® CONSULTANCY FOR SMEs

We have structured our TISAX® Consulting specifically for medium-sized businesses. TISAX® helps your company maintain high safety standards. With our consulting, we increase your entire manufacturing process quality. We are there for you from GAP Analysis to accompanying you during your audit.

TISAX® Consultancy: Our Experience

We help you accelerate your TISAX® Label by performing a GAP Analysis, preparing the relevant documents, and accompanying you during the audit.

We have more than 10 years of experience in preparing and supporting our clients to acquire the TISAX® Label and recertification. We have helped more than 40 companies so far.

Our Advantages in Short

  • No hidden or additional costs, all-inclusive prices for your TISAX® Label
  • Fair price structure depending on the company size
  • Templates for ISMS, TISAX® Processes, TOMs and all necessary documents available as templates
  • Orientation of our TISAX® Consulting according to your requirements, no one-size-fits-all approach

Why I will need TISAX® Consultancy?

Of course, not every company needs TISAX® Consulting. Perhaps you are an IT system house, an IT or information security service provider who has experience with the topic and would like to assign a team to TISAX®. Then you might manage to get the label on your own, without consulting. If that is not the case, then with external help you can speed up your way to the TISAX® label, reduce costs and save a lot of time.

Below are some of the benefits of working with our TISAX® Consultancy:

  • Shortened overall project duration
  • Avoidance of additional costs for re-audits
  • A deeper understanding of the concepts and motivation behind the TISAX® label
  • Avoidance of delays in the final label, missing bids, etc.

TISAX® Consultancy Costs

Of course, costs vary from company to company, both as an auditor and as a consultant. However, we have summarized the available options with the corresponding price ranges.
The costs can be divided into 3 sections, which we have explained in detail below:

  • GAP Analysis:

    GAP Analysis: a GAP Analysis is like a doctor’s x-ray. The GAP analysis shows you the current situation and what to do to get the TISAX® Label. Therefore, you will also receive the TISAX® Roadmap. It can be done as a one-day workshop and costs from experience between 3 and 5 T€.

  • Preparation, self-assessment, technical and physical security analysis, ISMS structure: This is the most labor-intensive part of the TISAX® Project. This part can be overpriced, so it starts from 8 to 20k €.
  • Setting up policies, processes, necessary documentation, and audit support: This is the last part of your TISAX® Project. The price range is between 6 and 15k€ for this part.

Overall, the budget requirement is between 15k-30k€. If you calculate with a team of 2, the consulting pays off if you save 1 week of working time, which is mostly the case.

If you need in-depth information about TISAX® costs, feel free to ask for a quote.

TISAX® Consultancy

How does a TISAX® Project work?

Are you ready to start your TISAX® Project?

Then our TISAX® Workshop is made for you.  At the end of this one-day workshop, you will receive your thorough GAP Analysis as well as your TISAX® Roadmap.

How much effort do I need to estimate to implement the TISAX® requirements?

Before we can answer this question, we need to clarify a few things. Which assessment level TISAX® Certification are you obtain? Do you need data protection? Prototype protection? Yes, TISAX® is a complex certification that requires policies, guidelines, and processes in various areas such as the IT department, HR, back-office, and management.

If your company has an ISMS structure that has defined roles for ISO and ITSO and already has processes in place for change management, patch management, etc., passing the audit could be relatively easy. However, since TISAX® is a specific label for the automotive industry, the requirements are detailed.

Long story short, even if you have an excellent IT team, implementing TISAX® requirements requires interdisciplinary work. For example, if your company already has ISO 27001, you’ll likely have to spend less time than a company starting from scratch. Nonetheless, if your company needs to comply with Data Protection and/or Prototype Protection modules of TISAX®, you will need to invest more time in this topic.

Generally, the TISAX® project takes between 3 and 6 months, depending on the assessment level, your company’s and the auditor’s availability.

Wrapping-up: TISAX® Costs and Time Expenditure

TISAX® Costs and Time Expenditure
The TISAX® Costs and the Time Expenditure are completely dependent on the size of your company. Of course, the TISAX® Costs and the Time Expenditure are also dependent on the maturity of your Information Security Management System.

Your Road to TISAX® Label

  • Preparation- GAP Analysis: We start with the GAP Analysis so we can define exactly where your maturity level is.
  • ENX Registration
  • Auditor Selection: We can help you with the selection and engagement of the audit firm.
  • Audit Preparation
    • ISMS setup and implementation
    • Self-Assessment: Do you want to quickly perform a TISAX® assessment? Then click here.
  • Internal Audit
  • TISAX® Audit: Depending on the TISAX® level, this can be on-site or remote.
Tisax Consultancy Services

Do you want to run a free of charge Self-Assessment?

We have prepared a free of charge Self-Assessment to estimate your readiness level for your TISAX® Label.  Here is the step for step Guide!

What is TISAX®?

Let’s start with the acronym. TISAX® stands for Trusted Information Security Assessment Exchange. Or as it is known in the industry, ISO 27001 for automotive. In 2017, the German Association of the Automotive Industry (VDA) published its catalog of requirements for information security in the automotive industry.

TISAX Consultancy
Source: https://portal.enx.com/en-US/enxassociation/

Prior to TISAX® Label, VDA members conducted assessments for their suppliers, partners and service providers in addition to their internal assessments. However, this individual assessment per supplier required partners to spend time and money assessing each of their customers.

To reduce the duplication of effort required for similar assessments for different companies, the VDA developed its TISAX® requirements catalog. This contains a catalog of criteria, audits, processes and KPIs, i.e. in the end a TISAX® certification. If a provider is TISAX® certified, it guarantees the controlled exchange and security of the data it holds.

The VDA has chosen a neutral third party, the ENX Association, which accredits auditors, maintains the assessment requirements, monitors audit quality and finally keeps the audit results.

TISAX® Label and its Advantages

A TISAX® Label confirms your safety level and the quality standards of the automotive industry, which is recognized by the largest car manufacturers. A transparent, secure supply chain, thanks to TISAX® requirements, helps all participants reduce their costs.

TISAX® Consultancy: From Scratch to Label

You have decided to carry the TISAX® Label. We offer you the GAP Analysis at a fixed price, the full package up to the receipt of the label we offer you individually on the basis of the GAP Analysis.

Two Ways that We Can Help You

We are here to help you get your TISAX® label at less cost and faster.
Would you like to learn more about TISAX® or do you have any questions? Then schedule a free-of-charge meeting.
Do you already want to start with your TISAX® project? Then book our GAP analysis so that you have your maturity level and your TISAX® roadmap clearly defined.

What are the differences between ISO 27001 and TISAX®?

Although TISAX® was originally derived from ISO 27001, the two standards are completely independent of each other. There are also no dependencies in terms of application, requirements, audits, and certifications.

In other words, if you have TISAX® or ISO 27001, one does not replace the other.

In this view, we’ve compiled a list of differences as a summary. However, we will go into details later in this post:

  • ISO 27001 is a certification, while TISAX® is a label.
  • ISO 27001 is international, but TISAX® is not international yet.
  • TISAX® is used in the automotive industry, while ISO 27001 can be applied in all industries.
  • In TISAX®, the entire company is assessed. In ISO 27001, production lines can be assessed individually.
  • TISAX® catalog requires the maturity level of each control, ISO 27001 does not measure maturity level.
  • The re-audit structure is different. The TISAX® re-audit takes place after 3 years, whereas ISO 27001 takes place annually.
  • Since TISAX® is automotive-specific, it includes details such as prototype protection, and data protection (which is much more stringent than ISO 27001, especially if Assessment Level 3 is targeted)
  • TISAX® has 9 months from the beginning to resolve all major and minor discrepancies.
  • TISAX® has a limited choice for auditors compared to ISO 27001.

Want to know more? Check our blog post then: TISAX® and ISO 27001: Differences and Similarities.

Want to learn more about TISAX®?

Then have a look at our blog post: TISAX® Certification, where we explain TISAX® Label in detail. If you are already informed about TISAX®, but not sure about how to run a Self-Assessment, you can also check this blog post.

FAQ

An established ISMS, operational TISAX® processes and KPIs are the milestones to the TISAX® Label. However, an existing ISO 27001 certificate simplifies the path to the TISAX® Label.

The audit for the label according to TISAX® is carried out by an external auditor. The auditing company must be commissioned independently. We can help you with the selection and commissioning of the auditing company.

Of course, it depends on the information security maturity of your company. Project duration and thus costs are 3-12 months, and 20-50T€. If you need in-depth information about TISAX® costs, here is our blog post.

It depends on the requirements of your customers and your products and services. An AL2 is usually tested remotely, AL3 requires on-site testing. Data protection and prototype protection can be additionally tested.

 TISAX® ist eine eingetragene Marke der ENX Association. Die 360 Digitale Transformation steht in keiner geschäftlichen Beziehung zur ENX. Mit der Nennung der Marke TISAX® ist keine Aussage des Markeninhabers zur Geeignetheit der hier beworbenen Leistungen verbunden. TISAX® Assessments, zur Erlangung von Labels, werden nur von den auf der Homepage der ENX genannten Prüfdienstleistern durchgeführt.