07.04.22, 10:26 TISAX Participant Handbook TiSAX Participant Handbook Table of contents 1. Overview 1.1. Purpose 1.2. Scope 1.3.Audience 1.4.Structure 1.5. How to use this document 1.6.Contact us 1.7. The TISAX participant handbook in other languages and formats 1.7.1.About theonlineformat 1.7.2. About the offline format 1.7.3. About the PDF format 2. Introduction 2.1. Why TISAX? 2.2. Who defines what "secure" means? 2.3. The automotive way 2.4. How to prove security efficiently? 3. The TISAX process 3.1.Overview 3.2. Registration 3.3. Assessment 3.4. Exchange 4. Registration (Step 1) 4.1.Overview 4.2. You are a TISAX participant 4.3. Registration preparation 4.3.1. The legal foundation 4.3.2. The TISAX assessment scope 4.3.2.1. Scope description 4.3.2.2. Standard scope 4.3.2.3. Scoping 4.3.2.4. Scope tailoring 4.3.2.5. Scope locations 4.3.2.6. Scope name 4.3.2.7. Contacts 4.3.2.8. Publication and sharing 4.3.3. Assessment objectives 4.3.3.1. List of assessment objectives 4.3.3.2. Assessment objectives and ISA 4.3.3.3.AssessmentobjectivesandTiSAxlabels 4.3.3.4. Assessment objectives and their dependencies 4.3.3.5.Assessmentobjectiveselection 4.3.3.6. Protection needs and assessment levels 4.3.3.7. Assessment objectives and your own suppliers https://www.enx.com/handbook/tisax-participant-handbook.html 1/115 TISAX Participant Handbook 07.04.22,10:26 4.3.4. Fee 4.4. ENX portal 4.5. Online registration process 4.5.1. Time required 4.5.2. Start here 4.5.3. Portal account 4.5.4. Participant registration 4.5.5. Participant contact 4.5.6. General Terms and Conditions 4.5.7. Assessment scope registration 4.5.8. Confirmation email 4.5.8.1. Participant ID 4.5.8.2. Scope ID 4.5.9. Status information 4.5.10. Changes of your registration information 5. Assessment (Step 2) 5.1. Overview 5.2. Self-assessment based on the ISA 5.2.1. Download the ISA document 5.2.2. Understand the ISA document 5.2.2.1. Criteria catalogues 5.2.2.2. Chapters 5.2.2.3. Control questions 5.2.2.4. Self-assessment form fields 5.2.2.5. Objective 5.2.2.6. Requirements 5.2.2.7. Maturity levels 5.2.3. Conduct the self-assessment 5.2.4. Interpret the self-assessment result 5.2.4.1. Analysis 5.2.4.2. The target maturity level (on question level) 5.2.4.3. Your result (on question level) 5.2.4.4. The target (on score level) 5.2.4.5. Your result (on score level) 5.2.4.6. Are you ready? 5.2.5. Address the self-assessment result 5.3. Audit provider selection 5.3.1. Contact information 5.3.2. Coverage 5.3.3. Requesting offers 5.3.4. Evaluating offers 5.4. TISAX assessment process 5.4.1. Overview 5.4.2. Kick-off meeting 5.4.3. TISAX assessment types 5.4.4. TISAX assessment elements 5.4.5. About conformity 5.4.6. Your preparation for the TISAX assessment process https://www.enx.com/handbook/tisax-participant-handbook.html 2/115 TISAX Participant Handbook 07.04.22,10:26 5.4.7. Initial assessment 5.4.7.1. The first formal opening meeting 5.4.7.2. Assessment procedure 5.4.7.3. Closing meeting 5.4.7.4. TISAX assessment report 5.4.8. Corrective action plan preparation 5.4.9. Corrective action plan assessment 5.4.9.1. Reasons for a corrective action plan assessment 5.4.9.2. Combination with initial assessment 5.4.9.3. Corrective action plan requirements 5.4.9.4. Temporary TISAX labels 5.4.10. Follow-up assessment 5.4.10.1. Timing 5.4.10.2. Prerequisites 5.4.10.3. Expiration of temporary TISAX labels 5.4.11. TISAX assessment process diagram 5.4.12. Assessment ID 5.4.13. TISAX assessment report 5.4.14. TISAX labels 5.4.14.1. TISAX label hierarchy 5.4.14.2. Validity period of TISAX labels 5.4.14.3. Renewal of TISAX labels 6. Exchange (Step 3) 6.1. Premise 6.2. The exchange platform 6.3. General prerequisites 6.4. Permanence of exchanged results 6.5. Sharing levels 6.6. Publish your assessment result on the exchange platform 6.7. Share your assessment result with a particular participant 6.7.1. Prerequisites 6.7.2. How to create a sharing permission 6.8. Sharing your assessment result outsi