When registering for a TISAX assessment, understanding the scope types is crucial. The scope determines the breadth and focus of your audit, influencing cost, effort, and how your security measures align with industry standards. Here’s a clearer breakdown of the different TISAX scope types to help you make an informed decision. 📋
The Test Scope Types
The scope description outlines the parameters of the assessment. To define the scope description, select from one of the following types of scope:
Standard Scope
Custom Scope
1. Standard Scope
This is the default and most straightforward option. The standard scope is the right choice for well over 99% of all TISAX participants. It covers all processes, procedures, and resources at specific locations that handle information needing protection. Think of it as a comprehensive check of your organization's security practices, as defined by automotive industry standards.
What It Is: The default option, covering essential processes and resources that need protection.
Purpose: Suits over 99% of TISAX participants for a comprehensive security check.
TISAX Labels and Sharing: Comes with TISAX labels; widely recognized.
Scope Description: Predefined, no need for custom descriptions. Ideal for straightforward assessments.
Recommendation ✅
ENX strongly recommends the standard scope. The results of information security assessments based on the standard scope are universally accepted by all TISAX participants. Find more info about that here.
2. Custom Scope Options
Custom Scope allows for tailored assessments, offering two variations: Custom Extended Scope and Full Custom Scope.
Custom Extended Scope
What It Is: Expands beyond the Standard Scope, incorporating additional checks.
Purpose: Suitable for using the TISAX assessment internally or beyond the automotive sector.
TISAX Labels and Sharing: Includes Standard Scope, thus receives TISAX labels, accepted by participants.
Scope Description: Requires your own detailed description.
Full Custom Scope
What It Is: Fully customizable scope defined by your organization.
Purpose: Ideal for organizations with multiple locations and services that need specific assessments.
TISAX Labels and Sharing: Does not receive TISAX labels; results are recorded but might be seen unfavorably without labels. Generally not accepted by other TISAX participants.
Scope Description: Like the Custom Extended Scope, you must provide a detailed scope description.
Important❗️
Rarity of Full Custom Scope Use: It's rare for Full Custom Scope to be advised without reverting to Standard Scope. There's a 98% chance your audit provider will suggest this switch.
TISAX Labels: Full Custom Scope assessments don't receive TISAX labels, significantly affecting their acceptance.
Advice: Opt for Full Custom Scope only with explicit partner agreement on scope and acceptance of results. Generally, Full Custom Scope is not recommended due to acceptance issues by other participants.
Return to the main Certification Guide to progress further in your Certification Journey. Each step builds upon the last, deepening your understanding and implementation of the standards required for certification.