Gap Analysis according to VDA ISA
Check the maturity level of your ISMS according to VDA ISA.
The TISAX gap analysis as ISMS kick-off
Unfortunately, the TISAX requirements catalogue does not give you any guidance on which steps you should implement in which order.
Our TISAX gap analysis provides what you need in approx. 4 - 7 man-days:
- We give you a professional assessment of the maturity and effectiveness of your ISMS.
- We assess your ISMS processes, policies and structures.
- We assess what is missing in which area and provide you with a TISAX roadmap with the most important steps to get from A (start) to Z (certification), including time and cost estimates.
The process in detail
Plan and review
Before we start with the TISAX gap analysis, we define the framework conditions in an initial meeting in order to provide you with the best possible added value. Do you already have a desired assessment target (AL2, AL3, with / without data protection, with / without prototype protection)? Do you know the different assessment levels and TISAX labels? What are your expectations?
Afterwards, we draw up an audit plan for the TISAX gap analysis so that you can plan the dates for the audit sessions, which are the interviews with the respective departments.
Before conducting these interviews, we review your existing security documents. These give us an initial indication of possible deficits.
Conducting the TISAX gap analysis
Usually, we conduct the audit part of the TISAX gap analysis at your premises, even if a TISAX assessment with the audit objective AL2 does not require an on-site audit.
In the audit sessions, we conduct interviews with the respective departments (e.g. IT, purchasing, facility management, human resources, production, compliance, prototype protection, data protection, ...). Depending on the intended audit objective, the depth of the audit will vary:
- For AL2, we only perform a 'plausibility check', i.e. we question your VDA ISA self-assessment (if available) and verify it against appropriate evidence. The TISAX gap analysis according to AL2 also includes a check of the 'additional requirements for high protection needs'.
- For AL3, a much stricter and more in-depth check of the implementation is carried out. In the TISAX gap analysis according to AL3, the 'additional requirements for very high protection needs' are also verified.
Evaluation of the results
After we have conducted the audit sessions and examined your organisation, we will provide you with a detailed overview of your current implementation status or maturity level with regard to VDA / TISAX. You will receive a report with identified fields of action and thus already know quite precisely where 'the problem lies' and what work is waiting for you.
You will also receive help getting started with the implementation of your ISMS in the form of a TISAX roadmap. In it, we tell you which steps you should take in which order and how much time and resources you should plan for them.
Any project to implement a VDA ISA compliant ISMS needs the support of the top management of your organisation. Therefore, if desired, we are happy to conduct a management presentation at the end of the TISAX gap analysis. In addition to the top findings, we also particularly address your TISAX roadmap and sensitise your management to the following topics:
- How should the implementation of an ISMS according to VDA ISA / TISAX usually be set up, and which setup has proven itself in practice?
- What framework conditions must be created in the company for this?
- What roles and tasks does top management have within an ISMS so that it can be effective and successful?