During the TISAX assessment process, your company might encounter non-conformities (NCs). Understanding the implications of these NCs, the available time for remediation, and the concept of temporary labels is crucial for successfully navigating this step.
Dealing With Non-Conformities
Dealing With Non-Conformities (Major NCs)
When a major non-conformity is identified, it signifies a significant immediate risk to your information security or raises doubts about the overall effectiveness of your ISMS. The first step is not to panic; there's a structured way to address this:
Immediate Action: You're required to promptly implement compensating measures to mitigate any immediate risks highlighted by the major NC.
Corrective Action Plan: Develop and submit a corrective action plan to the audit provider, detailing how and when you'll address the major NC.
Converting Major NCs to Minor NCs
With a satisfactory corrective action plan and its effective execution, major NCs can be downgraded to minor NCs after a follow-up assessment by the audit provider. This demonstrates your commitment to continuous improvement and can facilitate the progression towards certification.
Important: Timeframe for Remediation
9-Month Window: You have a maximum of nine months from the closing meeting of the initial assessment to resolve all major NCs. Failing to do so requires starting the assessment process anew.
Handling Minor Non-Conformities (Minor NCs)
Minor NCs do not pose significant immediate risks and don't cast doubt on the overall ISMS effectiveness. Like major NCs, they must be addressed without undue delay, but they offer a bit more flexibility in terms of immediate impact on the certification process.
You can find a detailed overview of these in this section of the ENX Handbook.
Temporary TISAX Labels
For Minor NCs: If your overall assessment results in a "minor non-conform," you're eligible for temporary TISAX labels. These labels indicate that while minor issues were found, none were significant enough to prevent certification, provided these are resolved in the agreed timeframe.
Utilizing Temporary Labels: These can be beneficial in demonstrating to clients and partners that you're on the path to full compliance, maintaining trust and business continuity.
Find out more about Temporary Labels in this section of the ENX Handbook.
No Non-Conformities
If no NCs are found, your organization's ISMS is deemed fully compliant with TISAX requirements, leading directly to certification. This ideal scenario reflects a well-prepared and effectively implemented ISMS.
Return to the main Certification Guide to progress further in your Certification Journey. Each step builds upon the last, deepening your understanding and implementation of the standards required for certification.