Instructions
This gap analysis document provides a simple framework for evaluation the current status of a Tisax according to ISA version 6.
The status column is marked by one of the following maturity levels:
- Incomplete ; A process does not exist, is not followed or not suitable to achieve the objective.
- Performed ; A process is followed which is not or insufficiently documented (“informal process”) and there is some evidence that it achieves its objective.
- Managed ; A process achieving its objectives is followed. Process documentation and process implementation evidence are available.
- Established ; A standard process integrated into the overall system is followed. Dependencies on other processes are documented and suitable interfaces are created. Evidence exists that the process has been used sustainably and actively over an extended period.
- Predictable ; An established process is followed. The effectiveness of the process is continually monitored by collecting key figures. Limit values are defined at which the process is considered to be insufficiently effective and requires adjustment. (Key Performance Indicators)
- Optimizing ; A predictable process with continual improvement as a major objective is followed. Improvement is actively advanced by means of dedicated resources.
The evidence shall be provided by the target user, while optional comment maybe added by the target user or the assessor.
Reference: The full TISAX ISA assessment is available for download in ENX website here.
Part 1: Requirements
1. IS Policies and Organization
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 1.1 Information security policies |
|
|
|
| 1.2 Organization of Information Security |
|
|
|
| 1.3 Asset Management |
|
|
|
| 1.4 IS Risk Management |
|
|
|
| 1.5 Assessments |
|
|
|
| 1.6 Incident and Crisis Management |
|
|
|
2. Human Resources
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 2.1 Human Resources |
|
|
|
3. Physical Security
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 3.1 Physical Security |
|
|
|
4. Identity and Access Management
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 4.1 Identity Management |
|
|
|
| 4.2 Access Management |
|
|
|
5. IT Security / Cyber Security
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 5.1 Cryptography |
|
|
|
| 5.2 Operations Security |
|
|
|
| 5.3 System acquisitions, requirement management and development |
|
|
|
6. Supplier Relationships
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 6.1 Supplier Relationships |
|
|
|
7. Compliance
| Requirement |
Status (0-5) |
Evidence |
Comments |
| 7.1 Compliance |
|
|
|