06. Aug 2024

TISAX® deep dive: the three assessment levels

Depending on the TISAX assessment objectives, the TISAX regulations (TISAX manual) prescribe different assessment procedure types, the so-called assessment levels.

There are a total of 3 different assessment levels, designated AL1, AL2 and AL3, and a special form called AL2.5.

In this CIS article series, we focus on the topic of TISAX® and highlight the three assessment levels. You can find a basic introduction, e.g. on benefits and assessment, here.

 

Assessment-Level 1 (AL 1)

Audits at assessment level AL1 are generally only used for internal self-assessment purposes. At this level, the external auditors/assessors merely confirm that a complete self-assessment has been carried out. The content of the customer's self-assessment is not reviewed. No further evidence is required.

The results of assessments with assessment level 1 have a low confidence level. Therefore, no TISAX labels can be obtained at this assessment level.

With the TISAX standard, contrary to the procedure known from the ISO standardization world, no certificates are issued as proof of assessment, but so-called TISAX labels are issued exclusively on the TISAX platform. This means that the customer does not receive a document or print-out. The results may not be communicated outside the platform.

Assessment-Level 2 (AL 2)

Assessments at assessment level 2 essentially consist of a plausibility check of the self-assessment of the company to be audited, i.e. the content of the VDA ISA completed by the company and the evidence provided.  The procedure is concluded at assessment level AL2 with an interview with the person responsible for information security. AL2 procedures are usually carried out remotely in the form of a web conference. If there are reasons why the customer wishes to have the assessment conducted on site, e.g. because evidence should not be provided off-site, the interview can be conducted in person on site.

Assessment level 2.5 (AL 2)

This assessment level is a special variant of the AL2 procedure. Instead of the plausibility check of the AL2 level, this assessment level involves a complete check of all control requirements in form of a web conference, i.e. full-remote. In contrast to the AL3 procedure, all on-site activities are omitted in this test mode. Formally speaking, an assessment according to AL2.5 is assessed as AL2.

The dependence of the assessment levels on the TISAX assessment objectives is shown in the following table (own representation according to TISAX manual ENX / Table 5: Assignment of TISAX assessment objectives to the assessment levels):

Nr. TISAX-Prüfziel Assessment-Level (AL)
1. Info high AL 2
2. Info very high AL 3
3. Confidential AL2
4. Strictly confidential AL 3
5. High availability AL 2
6. Very high availability AL 3
7. Proto parts AL 3
8. Proto vehicles AL 3
9. Test vehicles AL 3
10. Proto event AL 3
11. Data AL 2
12. Special data AL 3

Do you have any questions or would you like to find out more?

CIS Certification & Information Security Services GmbH is the leading service provider in Austria when it comes to certifications in the field of information security, business continuity and data protection. Since 2021, CIS has been authorized to conduct audits according to the TISAX® standard. Thanks to a lot of concentrated know-how through cooperation on the European and international market and a broad network of specialist auditors, customer and service orientation are our top priorities. Click here to go directly to the TISAX® Assessment. We look forward to hearing from you!

contact us here

your contact person

Team

Mr. Wolfgang Glowatzki

Lead Expert Information Security | Lead Auditor TISAX® AL2 und AL3 | Lead Auditor ISO 27001

News & Events

The basis for long-term success!

26. Sep 2024

World Quantum Readiness Day

The first world day of this kind

Learn more
19. Aug 2024

Global Threat Report 2024: Current situation

Newest trends in cybercrime

Learn more
06. Aug 2024

Lateral entry as an IT security auditor – a field report

06. Aug 2024

TISAX®: Information security in the automotive industry

06. Aug 2024

TISAX® deep dive: the 12 test objectives (labels)

10. Oct 2024

Event:CIS Compliance Summit 2024

Austrian platform for experts, professionals and desicion makers in the security industry. Be part of it - save the date: October 10th, 2024

Learn more
11. Jun 2024

Aspects of climate change included in the standards for management systems

New features and what happens next

Learn more
17. Apr 2024

CIS joins the Austrian Data Centre Association (ADCA)

New cooperation

Learn more
17. Apr 2024

Smart compliance for data centres

NISG and EN 50600

Learn more
28. Mar 2024

ISO 42001 – the new standard for artificial intelligence

World's first standard for AI

Learn more
07. Mar 2024

The future of AI and data ownership

A balancing act between AI, information security and data ownership

Learn more
07. Mar 2024

Are we losing control of our data through artificial intelligence (AI)?

A balancing act between AI, information security and data ownership

Learn more
+43 1 532 98 90