TISAX® deep dive: the 12 test objectives (labels)

As a rule, your business partners who require TISAX certification from you specify the assessment objectives, i.e. the TISAX labels to be achieved. It is important to understand that the respective assessment level (AL) results from the selection and combination of the protection objectives and not vice versa. In practice, this means that your business partner should not request an assessment level from you, but must define the protection objectives.

In this CIS article series, we focus on the topic of TISAX® and examine here the three assessment levels. You can find a basic introduction, e.g. on the benefits and assessment, here.

 

There are currently a total of 12 different TISAX labels: 6 general labels, 4 prototype protection labels and 2 data protection labels.

 

1. info high

The “Info high” test objective represents the lowest level of requirements. Business partners may require a corresponding categorisation based on their information classification.

 

2. info very high

The “Info very high” test objective may result from the information classification of the business partnership.

 

3. confidential

The “Confidential” audit objective may be required if information with a high need for confidentiality is received or processed. It should be selected in particular if unauthorised disclosure of the information could potentially cause considerable damage (e.g. reputational damage, criminal consequences or monetary damage).

 

4. strictly confidential

The “Strictly confidential” test objective may be required if information with very high confidentiality requirements is received or processed or is categorised as “strictly confidential” or “secret” according to the company’s own classification scheme. This protection objective should be selected in particular if the unauthorised disclosure of the information could potentially cause existentially threatening or catastrophic damage (e.g. serious reputational damage, serious criminal consequences or very high monetary damage).

 

5. high availability

The “High availability” test objective is to be selected for companies if the production or delivery capability of the business partner depends on the availability of their products or services and a failure leads to considerable damage for customers within a short period of time. Example: just-in-time suppliers of production material.

 

6. very high availability

The “Very high availability” test objective is to be selected for companies where the production or delivery capability of their customers depends on the short-term availability of their products or services and a failure leads to significantly high damage to customers within a very short time. Example: just-in-time suppliers whose failure is expected to result, within a short period of time, in a comprehensive production shutdown with a very long restart time.

 

7. proto parts

The “Proto parts” test objective is required for companies that manufacture, store or receive for use components or parts classified as requiring protection at their own sites.

 

8. proto vehicles

The “Proto vehicles” test objective is required for companies that manufacture, store or receive for use vehicles classified as requiring protection at their own sites. Requirements for physical and environmental safety (including the presence of secure garages or workshop areas), organisational requirements and specific requirements for handling prototypes are part of the test.

 

9. test vehicles

The “Test vehicles” test objective is required for companies that are provided with vehicles classified as requiring protection for carrying out tests and test drives (e.g. test drives on public roads or on test tracks). Organisational requirements and specific requirements for the handling of prototypes, including camouflage and the handling of vehicles during test drives in public and on test sites, are part of the inspection. Requirements for the physical and environmental safety of the site are not necessarily part of the test.

 

10. proto events

The “Proto events” test objective is required for companies that are provided with vehicles, components or parts classified as requiring protection for the organisation of exhibitions and events (e.g. car clinics, events, marketing events) or film and photo shoots. Organisational requirements and specific requirements for handling prototypes, including requirements for exhibitions, events and film and photo shoots in protected areas and in public, are part of the inspection. Requirements for the physical and environmental safety of the location are not necessarily part of the audit. If the locations to be tested are equipped accordingly, we recommend selecting the test objective “Protection of prototype vehicles”.

 

11. data

The “Data” audit objective must be selected for companies if personal data is processed as a processor in accordance with Article 28 of the GDPR.

 

12. special data

The “Special data” test objective must be selected for companies if special categories of personal data (e.g. health or religious affiliation) are processed as a processor in accordance with Article 28 of the GDPR.

Do you have questions or would you like to find out more?

CIS – Certification & Information Security Services GmbH is the number 1 in Austria when it comes to certifications in the areas of information security, business continuity or data protection. Since 2021, CIS has been authorised to carry out audits in accordance with the TISAX® standard. Thanks to a wealth of expertise gained through cooperation in the European and international market and a broad network of specialist auditors, customer and service orientation are our top priorities. Click here to go directly to TISAX® Assessment.


Contact us, we look forward to your enquiry!