06. Aug 2024

TISAX® deep dive: the 12 test objectives (labels)

As a rule, your business partners who require you to obtain TISAX certification will specify the assessment objectives, i.e. the TISAX labels to be achieved. It is important to understand that the respective assessment level AL results from the selection and combination of the protection objectives and not vice versa. In practice, this means that instead of requesting an assessment level from you, your business partner should define the protection objectives.

As part of this CIS article series, we are focusing on the topic of TISAX® and highlighting the three assessment levels. You can find a basic introduction, e.g. on benefits and assessment, here. and a deep dive into the three assessment levels here.

There is currently a total of 12 different TISAX labels, 6 general, 4 prototype protection labels and 2 data protection labels.

1. Info high

The "Info high" test target represents the lowest level of requirements. It is possible that business partners require a corresponding classification from their information classification.

 

2. Info very high

The test target "Info very high" can result from the information classification of the business partnership.

 

3. Confidential

The "Confidential" audit objective may be required if information with a high need for confidentiality is received or processed. It should be selected in particular if unauthorized disclosure of the information could potentially cause existential or considerable damage (e.g. reputational damage, criminal consequences or monetary damage).

 

4. Strictly confidential

The "Strictly confidential" test objective may be required if information with very high confidentiality requirements is received or processed or is classified as "strictly confidential" or "secret" according to the company's own classification scheme. This protection objective should be selected in particular if the unauthorized disclosure of the information could potentially cause existentially threatening or catastrophic damage (e.g. severe reputational damage, severe criminal consequences or very high monetary damage).

 

5. High availabilty

The "High availability" test objective is to be selected for companies if the production or delivery capability of the business partner depends on the availability of their products or services and a failure leads to considerable damage for customers within a short period of time. Example: Just-in-time suppliers of production material damage.

 

6.Very high availabilty

The "Very High availability" test objective is to be selected for companies whose customers' ability to produce or deliver depends on the short-term availability of their products or services and where a failure within a very short period of time would cause significant damage to customers. Example: Just-in-time suppliers whose failure is expected to result in a comprehensive production shutdown with a very long restart time.

 

7. Proto parts

The "Proto parts" test objective is required for companies that manufacture, store or receive components or parts classified as requiring protection at their own sites.

 

8. Proto vehicles

The "Proto vehicles" test objective is required for companies that manufacture vehicles classified as requiring protection at their own sites, store them or receive them for use. Requirements for physical and environmental safety (including the presence of secure garages or workshop areas), organizational requirements and specific requirements for handling prototypes are part of the test.

 

9. Test vehicles

The "Test vehicles" test objective is required for companies that are provided with vehicles classified as requiring protection to carry out tests and test drives (e.g. test drives on public roads or on test tracks). Organizational requirements and specific requirements for the handling of prototypes, including camouflage and the handling of vehicles during test drives in public and on test sites are part of the inspection. Requirements for the physical and environmental safety of the site are not necessarily part of the test.

 

10. Proto events

The "Proto events" test objective is required for companies that are provided with vehicles, components or parts classified as requiring protection for exhibitions and events (e.g. car clinics, events, marketing events) or film and photo shoots. Organizational requirements and specific requirements for handling prototypes, including requirements for exhibitions, events and film and photo shoots in protected areas and in public are part of the inspection. Requirements for the physical and environmental safety of the location are not necessarily part of the audit. If the locations to be tested are equipped accordingly, we recommend selecting the test objective "Protection of prototype vehicles".

 

11. Data

The "Data" test objective must be selected for companies if personal data is processed as a processor in accordance with Article 28 of the GDPR.

 

12. Special data

The "Special data" test objective must be selected by companies if special categories of personal data (e.g. health or religious affiliation) are processed as processors in accordance with Article 28.

Do you have any questions or would you like to find out more?

CIS Certification & Information Security Services GmbH is the leading service provider in Austria when it comes to certifications in the field of information security, business continuity and data protection. Since 2021, CIS has been authorized to conduct audits according to the TISAX® standard. Thanks to a lot of concentrated know-how through cooperation on the European and international market and a broad network of specialist auditors, customer and service orientation are our top priorities. Click here to go directly to the TISAX® Assessment. We look forward to hearing from you!

contact us here

your contact person

Team

Mr. Wolfgang Glowatzki

Lead Expert Information Security | Lead Auditor TISAX® AL2 und AL3 | Lead Auditor ISO 27001

News & Events

The basis for long-term success!

26. Sep 2024

World Quantum Readiness Day

The first world day of this kind

Learn more
19. Aug 2024

Global Threat Report 2024: Current situation

Newest trends in cybercrime

Learn more
06. Aug 2024

Lateral entry as an IT security auditor – a field report

06. Aug 2024

TISAX®: Information security in the automotive industry

06. Aug 2024

TISAX® deep dive: the three assessment levels

10. Oct 2024

Event:CIS Compliance Summit 2024

Austrian platform for experts, professionals and desicion makers in the security industry. Be part of it - save the date: October 10th, 2024

Learn more
11. Jun 2024

Aspects of climate change included in the standards for management systems

New features and what happens next

Learn more
17. Apr 2024

CIS joins the Austrian Data Centre Association (ADCA)

New cooperation

Learn more
17. Apr 2024

Smart compliance for data centres

NISG and EN 50600

Learn more
28. Mar 2024

ISO 42001 – the new standard for artificial intelligence

World's first standard for AI

Learn more
07. Mar 2024

The future of AI and data ownership

A balancing act between AI, information security and data ownership

Learn more
07. Mar 2024

Are we losing control of our data through artificial intelligence (AI)?

A balancing act between AI, information security and data ownership

Learn more
+43 1 532 98 90