6. How long does it take for a company to be certified?
The TISAX® audit process must be completed within nine months from registration, otherwise the process starts all over again. If all criteria are met or only minor deviations are apparent, the test report is submitted to ENX. Once this has been accepted, a (temporary) TISAX® label is handed over. In the case of major deviations, the label is only valid from the day on which the deviations have been rectified. These must be resolved within 8 months at the latest.
7. What are TISAX® labels?
The labels summarize the test result and are hierarchically linked. The labels can only be viewed in the ENX portal for Approved OEMs. They are valid for three years.
8. Should one strive for TISAX® certification even without a customer request?
In principle, certification according to TISAX® is always recommendable for suppliers. On the one hand, it reduces the internal audit effort should an OEM require evidence, and on the other hand, your internal organization is so advanced in terms of information security that other standards, e.g. ISO 27001, can also be implemented for other industries without any problems.
9. What changes does the new VDA ISA catalog include?
The new version of the ISA requirements catalog has an even clearer structure and reduces the effort for companies and auditors. In addition, adjustments have been made to the "Information Security" module and redundancies have been eliminated . Version 5.0 of the VDA ISA question catalog has been available since July 2020. It has been mandatory for all new TISAX® assessments since October 1, 2020.
10. Who is the contact for a TISAX® audit?
Only ENX-approved testing service providers with special accreditation for TISAX® and extensive industry expertise, such as TÜV SÜD, are the contact for a TISAX® audit in order to ensure a high, consistent product level and broad recognition of the standard. Accredited testing service providers and those currently undergoing accreditation can be viewed via the platform.