Your goal
You would like professionals to cost-efficiently determine the extent to which your company meets the requirements of the VDA ISA / TISAX® or how you can get from the current status to the TISAX® label.
Our service
With our TISAX® gap analysis, we quickly check and evaluate the 'TISAX® readiness' in your company and give clear recommendations on which steps you need to take to achieve TISAX® certification.
The result
You know what level of maturity your company currently has in information security, which steps are required for your desired TISAX® label and which efforts this means.
The TISAX® gap analysis as ISMS kick-off
Unfortunately, the TISAX® requirements catalogue does not give you any guidance on which steps you should implement in which order.
Our TISAX® gap analysis provides in approx. 4 - 7 man-days what you need:
- We give you a professional assessment of the maturity and effectiveness of your ISMS.
- We assess your ISMS processes, policies and structures.
- We assess what is missing in which area and provide you with a TISAX® roadmap with the most important steps to get from A (start) to Z (certification), including time and cost estimates.
Before we start with the TISAX® gap analysis, we define the framework conditions in an initial meeting in order to provide you with the best possible added value. Do you already have a desired assessment target (AL2, AL3, with / without data protection, with / without prototype protection)? Do you know the different assessment levels and TISAX® labels? What are your expectations?
Afterwards, we draw up an audit plan for the TISAX® gap analysis so that you can plan the dates for the audit sessions, which are the interviews with the respective departments.
Before conducting these interviews, we review your existing security documents. These give us an initial indication of possible deficits.
Usually, we conduct the audit part of the TISAX® gap analysis at your premises, even if a TISAX® assessment with the audit objective AL2 does not require an on-site audit.
In the audit sessions, we conduct interviews with the respective departments (e.g. IT, purchasing, facility management, human resources, production, compliance, prototype protection, data protection, ...). Depending on the intended audit objective, the depth of the audit will vary:
- For AL2, we only perform a 'plausibility check', i.e. we question your VDA ISA self-assessment (if available) and verify it with appropriate verifications. The TISAX® gap analysis according to AL2 also includes a check of the 'additional requirements for high protection needs'.
- In AL3, a much stricter and more profound check of the implementation is carried out. In the TISAX® gap analysis according to AL3, the 'additional requirements for very high protection needs' are also verified.
After we have conducted the audit sessions and examined your organisation, we will provide you with a detailed overview of your current implementation status or maturity level with regard to VDA / TISAX®. You will receive a report with identified fields of action and thus already know quite precisely where 'the problem lies' and what work is waiting for you.
You will receive additional 'start help' for the implementation of your ISMS in the form of a TISAX® roadmap. In it, we tell you which steps you should take in which order and how much time and resources you should plan for them.
Any project to implement a VDA ISA compliant ISMS needs the support of the top management of your organisation. Therefore, if desired, we are happy to conduct a management presentation at the end of the TISAX® gap analysis. In addition to the top findings, we also particularly address your TISAX® roadmap and sensitise your management to the following topics:
- How should the implementation of an ISMS according to VDA ISA / TISAX® usually be set up and which setup has proven itself in practice.
- What framework conditions must be created in the company for this.
- What roles and tasks does top management have within an ISMS so that it can also be effective and successful.
Do you want to find out your TISAX® Gaps?
Let's meet each other in a web meeting and talk about your expectations and our services for TISAX® gap analysis.
Standard but still individual
Of course we have a structured approach, but not a 'stereotypical' one with predefined questionnaires or checklists, because every situation (business model, resource constitution, legal or contractual requirements, market situation, etc.) is different and also must be considered individually.
No 'pig in a poke'
Initially, you only commission us to carry out the TISAX® gap analysis. In this manageable project, you get to know our values and our approach better and can decide after completion of the project whether we are the right partner for you to set up your ISMS according to VDA ISA / TISAX®.
Consulting und audit
We advise on TISAX® and are TISAX® certified as well, but audit according to various standards in the field of information security for TÜV Nord CERT. Therefore, we know both sides very well and these 'two hearts in our breast' enable us to take a pragmatic approach that nevertheless meets the expectations of an auditor.
Other services that might interest you

Find out how to protect your relevant company information in accordance with VDA ISA.

Effective risk management for your information security: protect critical assets, identify risks and implement targeted measures to minimize risks. Request support now!