Gap Analysis according to VDA ISA

Check the maturity level of your ISMS according to VDA ISA.


The TISAX gap analysis as ISMS kick-off

Unfortunately, the TISAX requirements catalogue does not give you any guidance on which steps you should implement in which order.  

Our TISAX gap analysis provides in approx. 4 - 7 man-days what you need:

  • We give you a professional assessment of the maturity and effectiveness of your ISMS.
  • We assess your ISMS processes, policies and structures.
  • We assess what is missing in which area and provide you with a TISAX roadmap with the most important steps to get from A (start) to Z (certification), including time and cost estimates.

The process in detail

Plan and review

Before we start with the TISAX gap analysis, we define the framework conditions in an initial meeting in order to provide you with the best possible added value. Do you already have a desired assessment target (AL2, AL3, with / without data protection, with / without prototype protection)? Do you know the different assessment levels and TISAX labels? What are your expectations?

Afterwards, we draw up an audit plan for the TISAX gap analysis so that you can plan the dates for the audit sessions, which are the interviews with the respective departments.

Before conducting these interviews, we review your existing security documents. These give us an initial indication of possible deficits.


Conducting the TISAX gap analysis

Usually, we conduct the audit part of the TISAX gap analysis at your premises, even if a TISAX assessment with the audit objective AL2 does not require an on-site audit.

In the audit sessions, we conduct interviews with the respective departments (e.g. IT, purchasing, facility management, human resources, production, compliance, prototype protection, data protection, ...). Depending on the intended audit objective, the depth of the audit will vary:

  • For AL2, we only perform a 'plausibility check', i.e. we question your VDA ISA self-assessment (if available) and verify it against appropriate evidence. The TISAX gap analysis according to AL2 also includes a check of the 'additional requirements for high protection needs'.
  • In AL3, a much stricter and more in-depth check of the implementation is carried out. In the TISAX gap analysis according to AL3, the 'additional requirements for very high protection needs' are also verified.

Evaluation of the results

After we have conducted the audit sessions and examined your organisation, we will provide you with a detailed overview of your current implementation status or maturity level with regard to VDA / TISAX. You will receive a report with identified fields of action and thus already know quite precisely where 'the problem lies' and what work is waiting for you. 

You will receive additional 'start help' for the implementation of your ISMS in the form of a TISAX roadmap. In it, we tell you which steps you should take in which order and how much time and resources you should plan for them.


Create awareness

Any project to implement a VDA ISA compliant ISMS needs the support of the top management of your organisation. Therefore, if desired, we are happy to conduct a management presentation at the end of the TISAX gap analysis. In addition to the top findings, we also particularly address your TISAX roadmap and sensitise your management to the following topics:

  • How the implementation of an ISMS according to VDA ISA / TISAX should usually be set up, and which setup has proven itself in practice.
  • Which framework conditions must be created in the company for this.
  • Which roles and tasks top management has within an ISMS so that it can be effective and successful.

Do you want to find out your TISAX gaps?

Let's meet in a web meeting and talk about your expectations and our services for TISAX gap analysis.

Why TISAX gap analyses with HvS?

Standard but still individual
Of course we have a structured approach, but not a 'stereotypical' one with predefined questionnaires or checklists, because every situation (business model, resource constitution, legal or contractual requirements, market situation, etc.) is different and must be considered individually.
No 'pig in a poke'
Initially, you only commission us to carry out the TISAX gap analysis. In this manageable project, you get to know our values and our approach better and can decide after completion of the project whether we are the right partner for you to set up your ISMS according to VDA ISA / TISAX.
Consulting and audit
We advise on TISAX and are TISAX certified ourselves, but we also audit according to various standards in the field of information security for TÜV Nord CERT. Therefore, we know both sides very well, and these 'two hearts in our breast' enable us to take a pragmatic approach that nevertheless meets the expectations of an auditor.