TISAX Participant Handbook Getting through the TISAX assessment process and sharing assessment results with your partners Published by ENX Association an Association according to the French Law of 1901, registered under No. w923004198 at the Sous-préfecture of Boulogne-Billancourt, France. Addresses 20 rue Barthélémy Danjou, 92100 Boulogne-Billancourt, France Bockenheimer Landstraße 97-99, 60325 Frankfurt am Main, Germany Author Florian Gleich Contact [email protected] +49 69 9866927-77 Version Date: 2018-04-10, Version: 2.0 Classification: Public, ENX doc ID: 602 Copyright notice All rights reserved by ENX Association. Third-party trademarks mentioned are the property of their respective owners. TISAX Participant Handbook 2.0 Page 2 of 96 Table of contents 1 Overview .................................................................................................................................................................... 8 1.1 Purpose ........................................................................................................................................................... 8 1.2 Scope ............................................................................................................................................................... 8 1.3 Audience ......................................................................................................................................................... 8 1.4 Structure ......................................................................................................................................................... 8 1.5 How to use this document .............................................................................................................................. 9 1.6 Contact us ....................................................................................................................................................... 9 2 Introduction ............................................................................................................................................................. 10 2.1 Why TISAX? ................................................................................................................................................... 10 2.2 Who defines what “secure” means? ............................................................................................................. 10 2.3 The automotive way ..................................................................................................................................... 10 2.4 How to prove security efficiently? ................................................................................................................ 11 3 The TISAX process .................................................................................................................................................... 12 3.1 Overview ....................................................................................................................................................... 12 3.2 Registration ................................................................................................................................................... 13 3.3 Assessment ................................................................................................................................................... 13 3.4 Exchange ....................................................................................................................................................... 13 4 Registration (Step 1) ................................................................................................................................................. 15 4.1 Overview ....................................................................................................................................................... 15 4.2 You are a TISAX participant ........................................................................................................................... 15 4.3 Managed service providers ........................................................................................................................... 16 4.4 Registration preparation ............................................................................................................................... 16 4.4.1 The legal foundation ....................................................................................................................... 17 4.4.2 The TISAX assessment scope .......................................................................................................... 18 4.4.3 Assessment objectives .................................................................................................................... 26 4.4.4 Registration fee ............................................................................................................................... 35 4.5 ENX portal ..................................................................................................................................................... 36 4.6 Online registration process ........................................................................................................................... 37 4.6.1 Time required.................................................................................................................................. 37 4.6.2 Start here ........................................................................................................................................ 37 4.6.3 Portal account ................................................................................................................................. 37 4.6.4 Participant registration ................................................................................................................... 38 4.6.5 Participant contact .......................................................................................................................... 38 TISAX Participant Handbook 2.0 Page 3 of 96 4.6.6 General Terms and Conditions ....................................................................................................... 38 4.6.7 Assessment scope registration ....................................................................................................... 38 4.6.8 Confirmation email ......................................................................................................................... 40 4.6.9 Status information .......................................................................................................................... 42 4.6.10 Changes of your registration information ....................................................................................... 44 5 Assessment (Step 2) ................................................................................................................................................. 45 5.1 Overview ....................................................................................................................................................... 45 5.2 Self-assessment based on the VDA ISA ......................................................................................................... 45 5.2.1 Download the VDA ISA document .................................................................................................. 45 5.2.2 Understand the VDA ISA document ................................................................................................ 46 5.2.3 Conduct the self-assessment .......................................................................................................... 51 5.2.4 Interpret the self-assessment result ............................................................................................... 52 5.2.5 Address the self-assessment result................................................................................................. 60 5.3 Audit provider selection ................................................................................................................................ 60 5.3.1 Contact information ........................................................................................................................ 60 5.3.2 Coverage ......................................................................................................................................... 61 5.3.3 Requesting offers ............................................................................................................................ 61 5.3.4 Evaluating offers ............................................................................................................................. 61 5.4 TISAX assessment process ............................................................................................................................ 62 5.4.1 Overview ......................................................................................................................................... 62 5.4.2 TISAX assessment types and elements ........................................................................................... 62 5.4.3 TISAX assessment elements ............................................................................................................ 63 5.4.4 About conformity ............................................................................................................................ 64 5.4.5 Your preparation