The TISAX report is structured to give an overview of the audit findings and the overall security posture as assessed. Its key components are:
A: Audit-related Information 📄
This segment includes foundational audit details like company name, audit scope, scope ID, assessment ID, assessment level, audit objectives, date of audits, and the audit service provider. It focuses on procedural aspects rather than outcomes.
B: Overall Audit Result 📈
Offers a management summary of the audit outcome, categorizing the result as Compliant, Minor Deviation, or Major Deviation. It also includes the number of findings and a general categorization of the associated risks.
C: Summary of the Audit Result 🔍
Provides a summary of the audit results by chapter (e.g., ‘9 Access Control’) and per criteria catalog (e.g., ‘Information Security’), offering a high-level view of performance across different areas.
D: Detailed Audit Results 📝
Contains a thorough description of all findings, risk assessment results, required actions, and implementation deadlines, giving a granular view of areas needing attention.
E: Maturity Levels of the ISA 🚀
Presents the maturity level determined by the assessment for each requirement, recorded in the ‘Results’ Excel spreadsheet from the ISA. These levels indicate how mature the ISMS is.
TISAX Labels ✅
TISAX labels summarize the outcome of the assessment, indicating compliance with defined requirements. They facilitate TISAX-related communication by referencing a standardized output of the assessment process. Hierarchical links between some TISAX labels mean achieving a higher-level objective also grants you the labels below it.
Renewal and Changes 🔁
The TISAX label is valid for three years post-assessment, subject to changes in the TISAX assessment scope. Additional sites or significant changes trigger a scope extension audit; the label keeps its original term after such an audit.
Exchange Portal 🌐
Post-assessment, the testing service provider uploads the results to the exchange portal (ENX Portal), where you decide how much information to share and with whom. This selective sharing keeps the results confidential and gives you precise control over the dissemination of your security posture.
Test results are exchanged only through the platform, as outlined by the VDA ISA and managed through the ENX portal, to protect their confidentiality and integrity. TISAX and TISAX results are intended for participants within the automotive industry, in line with the commitment to confidentiality, availability, and integrity of information.