Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
Privacy Assessments
Privacy Assessments
APEC Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
Privacy Program Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
Healthcare Assessments
Healthcare Assessments
HITRUST CSF Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

Cybersecurity Assessment Services

TISAX®

Using a comprehensive approach to security management, TISAX® is a critical industry standard for information security in the automotive sector that can help your organization prove your commitment to security and compliance so you can build trust with your customers and partners.

Contact a Specialist

Enabling Transparency and Trust in the Automotive Industry

In response to the growing problem of a surplus of audits and various customer requirements, the ENX Association launched TISAX® as a new security solution for the automotive industry. Developed in collaboration with leading automotive manufacturers and suppliers, this industry-wide auditing standard is meant to help participants build a trusted and widely accepted information security program.

A TISAX® Assessment Could Help You…

The ENX Network provides organizations with the chance to create new business connections through an open, industry-focused forum. Being granted a TISAX® Label improves your reputation within the network where those results can be shared, allowing for increased opportunities for new business ventures. TISAX® Labels are consistent across organizations, allowing for common recognition and trusted results.
https://www.schellman.com/hubfs/due-diligence-1.png

Achieve Cost-Effective Security and Compliance

https://www.schellman.com/hubfs/competitive.png

Realize Further Financial Gains and Business Opportunities

https://www.schellman.com/hubfs/meet-compliance-requirements.png

Provide Third-Party Validation of Your ISMS

https://www.schellman.com/hubfs/competitive-advantage.svg

Gain a Competitive Advantage in the Market

Determine Your TISAX® Assessment By Choosing Your Objectives

In getting started with TISAX, you’ll need to register in the ENX Portal, and as part of that process, you’ll determine your assessment scope by choosing your TISAX assessment objectives and sites/locations to be assessed.
No.
ISA Criteria Catalogue
TISAX® Assessment Objective
Assessment Level

1

Information Security

Handling of information with high protection needs

AL2

2

Information Security

High Availability

AL2

3

Information Security

Handling of information with very high protection needs

AL3

4

Information Security

Very High Availability

AL3

5

Prototype Protection

Protection of prototype parts and components

AL3

6

Prototype Protection

Protection of prototype vehicles

AL3

7

Prototype Protection

Handling of test vehicles

AL3

8

Prototype Protection

Protection of prototypes during events and film or photo shoots

AL3

9

Data Protection

Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)

AL2

10

Data Protection

Data protection with special categories of personal data According to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)

AL3
Number 1
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with high protection needs
  • Assessment Level (AL): AL 2
Number 2
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: High Availability
  • Assessment Level (AL): AL 2
Number 3
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Handling of information with very high protection needs
  • Assessment Level (AL): AL 3
Number 4
  • ISA Criteria Catalogue: Information Security
  • TISAX® Assessment Objective: Very High Availability
  • Assessment Level (AL): AL 3
Number 5
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype parts and components
  • Assessment Level (AL): AL 3
Number 6
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototype vehicles
  • Assessment Level (AL): AL 3
Number 7
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Handling of test vehicles
  • Assessment Level (AL): AL 3
Number 8
  • ISA Criteria Catalogue: Prototype Protection
  • TISAX® Assessment Objective: Protection of prototypes during events and film or photo shoots
  • Assessment Level (AL): AL 3
Number 9
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection in accordance with Article 28 (“Processor”) of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 2
Number 10
  • ISA Criteria Catalogue: Data Protection
  • TISAX® Assessment Objective: Data protection with special categories of personal data according to Article 28 (“Processor”) with special categories of personal data as specified in Article 9 of the European General Data Protection Regulation (GDPR)
  • Assessment Level (AL): AL 3

Your TISAX® Assessment Options

Your chosen TISAX® objectives will determine your corresponding Assessment Level. Our team provides all three TISAX® solutions that evaluate the level of implementation of your ISMS: 
  • Assessment Level 1 You’ll complete a self-assessment and while your auditor will confirm your completion of such, they will not review evidence or documentation.
    *This assessment is not eligible for a TISAX® Label.
  • Assessment Level 2 You’ll complete a self-assessment which will be followed by a plausibility check by an auditor. That process includes inquiries and a documentation review, and may be done remotely.
  • Assessment Level 3 You’ll complete a self-assessment before your auditor performs a comprehensive verification—a procedure that includes a documentation review, interviews with process owners, and observation of local conditions and execution of processes, which is all performed on-site.

Disclaimer: Schellman is provisionally approved to perform TISAX® assessments pending witness audits with ENX Association.
TISAX® is a registered trademark of ENX Association.

Meet Your TISAX® Expert,
Jay Imszennik

Jay Imszennik is a Director at Schellman. Jay has more than 15 years of experience in the information technology field, with a focus on security compliance, attestation, and other advisory services related to information security risk management and control implementation.

Meet Jay Contact a Specialist

Schellman’s TISAX® Methodology

Schellman is the first U.S.-based audit provider on track to be approved by the ENX Association as a TISAX Audit Provider. Our approach to AL2 and AL3 TISAX® assessments can be broken into four phases:
Image

1. Pre-Engagement

After you register with TISAX®, answer the scoping information, and determine which assessment level you need, we’ll review that information to prepare the resources needed to complete the assessment.

Image

2. Information Gathering and Self-Assessment (Phase One)

We will provide an audit plan and information request list for the initial assessmentYou will electronically submit your responses to the Self-Assessment (VDA ISA) according to the maturity model and we’ll then perform a remote review of your Self-Assessment.

Image

3. Plausibility/Verification Check (Phase Two)

You will electronically submit any revisions to the self-assessment and the supporting documentation requests based on the information request list, which we will then review in detail.

We will meet with ISMS and control owners for either the plausibility check (AL2/remote) or the comprehensive verification check (AL3/onsite)—depending on which assessment you’re undergoing. 

Image

4. Final Reporting

Our review of your materials will yield a result of either “conform” or “non-conform” within a detailed assessment report that includes identified areas of non-compliance, observations, and opportunities for improvement.

If you receive a result of “conform”, you will be issued TISAX® Label(s) according to your assessment objectives issued via the TISAX® Platform.

If your assessment result is instead “non-conform,” you’ll need to take further steps involving corrective action plans and/or a follow-up assessment to validate remediation efforts for areas of non-compliance, before a TISAX® Label(s) can be issued.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.