VDA ISA / TISAX DOCUMENTATION TOOLKIT

Set up ISMS yourself and get TISAX® certified 10X faster & cheaper

Self-paced toolkit for rapid ISMS implementation that includes a unique mix of readymade documents, trainings, expert community, step-by-step guidance and assistance through the whole process.
Jump start your TISAX ISMS implementation

The TISAX Document Toolkit gives you and your entire team all templates, guidance and expert support you need to implement an information security management system (ISMS) yourself and meet VDA ISA / TISAX compliance.

ISMS Toolkit is the only information security product set for rapid ISMS implementation that includes a unique mix of readymade documents, trainings, expert community, step-by-step guidance and assistance through the whole process. Designed for small and mid-size businesses who want to become more secure and get ENX TISAX® certification effortlessly, even without large budgets, endless paperwork and being overwhelmed by complex VDA ISA requirements and controls.

All-in-one toolkit

ISMS toolkit is not just a documentation set. In addition, you will get unlimited access to ISMS Academy training, the knowledge base, assistance in TISAX® implementation, a private community of ISMS practitioners, unlimited email support and more.

TISAX® self-implementation

The toolkit makes it easy to create documentation for VDA ISA and ENX TISAX® compliant ISMS and get certified – even as a complete beginner. Get tools, templates, and easy-to-follow documentation that guides you through every step of the setup.

Based on years of experience

Proven ISMS implementation framework written by certified ISMS, ISO, VDA experts & auditors. Optimized based on industry best practices and tens of ISMS implementation and audit projects for small/medium businesses.

Designed for VDA ISA / TISAX

The TISAX® Documentation Toolkit provides comprehensive documentation specifically designed for organizations wishing to implement an IT Security Management System, and meet the requirements of the VDA ISA / TISAX® standard.

TISAX® (Trusted Information Security Assessment Exchange) is an information security standard tailored to the needs of the automotive industry. It’s a standard that vehicle manufacturers, automotive suppliers, IT service providers, consultants and third-party software vendors can use to meet their information security requirements for automobile production. TISAX® certification is a compulsory requirement for many automobile manufacturers and suppliers to the German automotive industry.

The TISAX® is based on an Information Security Assessment (ISA) developed by the VDA (Association of the Automotive Industry), which was first used by member companies of the VDA for inspections of suppliers and providers whose companies process sensitive information. The goal of the TISAX® certification is to increase transparency in the automotive industry by certifying suppliers based on their ability to secure critical data.

TISAX at its core is based on the essential requirements of the ISO 27001 international information security standard, but is more specific to automotive and reflects automotive-specific topics, such as external communication channels and interfaces.

The VDA Information System for Auditing (VDA ISA) is the audit system used by the German Association of the Automotive Industry (VDA; German: Verband der Automobilindustrie e. V.). Conducted by independent third-party organizations, VDA ISA audits verify that companies consistently meet industry quality standards and processes throughout the design, development, production, distribution, and operation of their vehicles. ISA was developed to support VDA’s action line “The Future of Quality” and Quality Groups which were created in 2006 to ensure uniform implementation of those standards.

The responsible bodies of the VDA have put in place the formal requirements for establishing a common auditing mechanism in the automotive industry (TISAX) for the Information Security Assessment (ISA) as well as for avoiding multiple (repeated) audits.

TISAX® is a registered trademark of the ENX Association (European Network Exchange Association). It is entrusted with the implementation of TISAX® as a neutral authority. ENX is the association of European automobile manufacturers, suppliers and four national automobile associations, including the VDA, which founded ENX in 2000. The ENX Association monitors the quality of implementation and approves testing service providers according to a strict procedure.

The TISAX® is based on major aspects of the internationally recognized ISO 27001 standard. TISAX® uses common controls, requirements, and processes described in ISO standards. In addition, TISAX combines the former Information Security Rules (ISA) of the German Verband der Automobilindustrie (VDA) with ISO/IEC 27001’s Appendix A (Technical Controls) as well as some Privacy requirements.

TISAX focuses on the information security processes and parts relevant to partners in the automotive industry. Unlike ISO27001, with its company-based risk analysis and certification by a certification body, TISAX involves VDA ISA working group-based risk analysis and exchange registration issued by TISAX with 3-year validity and no periodic audits.

The main and biggest difference from ISO 27001 is that TISAX is based on a maturity level approach, which means it requires all controls to be assigned a maturity level to rate the quality of all aspects of your information security management system. The more sophisticated your information security management system is, the higher your maturity level will be.

  0. Incomplete – There is no process, or the process does not work.

  1. Performed – There is a process and the result suggests it works, but the process is not documented and nobody knows for sure why the process works.

  2. Managed – There are processes that work and are documented, but there are many different processes for the same objective.

  3. Established – There is a process that works and has documentation that is up-to-date and maintained.

  4. Predictable – Same as for level 3, plus the process is measured.

  5. Optimizing – Same as for level 4, plus dedicated staff is responsible for continual improvements.

The goal of the Trusted Information Security Exchange (TISAX®) program is to support and promote security awareness and pragmatic information security management in order to protect the global automotive supply chain. TISAX® seeks to promote information security awareness throughout all levels of the global automotive supply chain and reinforce it with a consistent level of assurance.

Trusted by more than 1,000 of the world’s largest corporations, TISAX certification validates a company’s information handling practices and works to boost confidence across global supply chains. TISAX® recognizes companies that have demonstrated an advanced level of information security throughout their supply chain with a rigorous assessment tool, the TISAX® Standard. The benefits of achieving TISAX® certification include faster time-to-market, validated security processes, reduced risk and compliance costs, and a stronger position in negotiations.

  • Company recognition among automotive manufacturers and all TISAX® participants
  • Identifying risk, preventing information security breaches and cyber-attacks
  • Gaining the trust of customers and audit companies
  • Avoiding costly and time-consuming duplicate and multiple checks
  • The assessment for TISAX certification takes place only every three years, which leads to further savings of time and costs

Companies seeking certification must register with ENX as a participant on the TISAX online portal and register at least one TISAX Assessment Scope. The TISAX participation process contains multiple steps:

  1. Preparation. Research and study TISAX requirements.
  2. Registration. Register on the TISAX portal, select an auditing body and prepare for the audit.
  3. Self-assessment. Internal process to measure current level of compliance.
  4. Initial assessment. Audit execution depends on whether you qualify for a remote (Level 2) or physical (Level 3) audit. The assessment includes an auditor interview, documentation review, and clarification of possible gaps and next steps.
  5. Corrective action plan. This step includes preparing an action plan to correct any initial audit findings (gaps) and submitting it to the audit provider.
  6. Follow-up. After the corrective action plan is submitted, it is assessed through a follow-up and the TISAX report.
  7. Reporting and exchange. The audit provider uploads the results of the audit to the TISAX platform, and the audited company decides how it would like to share the results with selected suppliers and service providers. The audited company also receives TISAX labels from ENX.

TISAX® distinguishes between three assessment levels, depending on what protection is required:

Level 1: Information with normal protection level. Self-assessment without plausibility check, usually for internal purposes. Standard suppliers only need to complete the ISA questionnaire and publish this self-assessment in TISAX. Results of assessments with assessment level 1 are normally not used in TISAX.

Level 2: Information with high protection level. For more complex suppliers, the self-assessment as a basis will be followed by plausibility checks by telephone interview with an approved audit provider and (if required) on-site inspection.

Level 3: Information with a very high protection level. Suppliers who handle highly sensitive external data go through in-depth, comprehensive on-site inspection carried out by an independent audit provider based on their self-assessment.

These are the usual Information security levels for each assessment level. The party requesting your TISAX certification, e.g. your customer, usually defines which security level and assessment level it expects from you.

Yes, the TISAX® and ISO 27001 audits can be combined. To do so, you should choose an audit body approved for both ISO 27001 and TISAX®. This allows both assessments to be carried out simultaneously, saving time and effort.

ISMS implementation is complex, time-consuming, and expensive

TISAX® ISMS Implementation is complex, time-consuming, and expensive, especially for small businesses and startups. It requires professional guidance, specialist expertise, and can take months – or even years – to implement. Hiring an external information security consultant can be even more expensive and out of budget.

Complex & resource consuming
Information security is not simple. Organisations, managers and IT professionals often struggle with how, when, and where they should start implementing ISMS to meet VDA ISA / TISAX® compliance.

Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, step-by-step plan and the help of a third party, achieving certification takes months of research, trial and error. There are many details to be coordinated, policies and procedures to be reviewed, and thought to be given to how security should be controlled across various networks and business units.

Too expensive for small business
The level of complexity of an ISMS depends on the business context. However, there are many VDA ISA standard requirements, controls, policies and documentation that are mandatory even for startups and small businesses.

Small to medium-sized businesses often don’t have a dedicated team for VDA ISA / TISAX® implementation or the budget to do it right. They try hard to create everything from scratch, throwing their whole security budget at it in one go. Unfortunately, this leads to an endless cycle of new implementations, with no progress made towards reaching their goals.

Hard to do yourself from scratch
Even if you know what your ISMS stands for, and you think you know how to get it done, when it comes down to actually doing it, it's very easy to get stuck and be overwhelmed.

Your entire day could be consumed trying to meet deadlines, staying informed and simply figuring out what’s the best course of action to keep your business safe. Staying in touch with all the new technological advancements can also prove to be tricky. There’s just too much out there for one person to comprehend it, let alone stay up-to-date about it all.

Consultants are not the best fit
There are plenty of information security consulting companies out there that can provide an ISMS, but they often charge a lot for their services and require additional onboarding projects.

External consultants are a good option for top-level companies, but they are too expensive and time-consuming for small to medium enterprises. The cost of hiring an external consultant is often pretty high, and it requires additional time to find and manage one.

Transforming the way businesses implement the ISMS framework

A toolkit designed to eliminate common issues takes you through everything you need for VDA ISA / TISAX® compliance, providing a structured and easy-to-implement approach. Get results fast and on budget, without compromising on quality.

TISAX® as simple as possible.

Less paperwork, more focus on what matters. Don’t waste time creating everything from scratch; use this set of handcrafted resources to kickstart your VDA ISA / TISAX® ISMS project efficiently.

Go quickly and efficiently

Save a lot of time and human resources on research, document creation and trial and error. Set up a VDA ISA / TISAX® ISMS in a relatively short time and with minimal effort, without reinventing the wheel.

Save time, money and resources

Avoid spending thousands on consultants delivering the same results. Save over 90% compared to the cost of a TISAX® consultant with no effect on the documentation quality and business outcomes.

A certification according to VDA-ISA/ TISAX would not have been achieved so quickly if we had not used the ISMS Toolkit great templates. Moreover, the helpful and friendly advice we received was not only a great help but also a lot of fun. Many thanks for this.
Anika Merkel
cyber-Wear Heidelberg GmbH
Build ISMS and get certified without frustration

Self-paced toolkit for rapid TISAX® ISMS implementation that includes a unique mix of readymade documents, trainings, expert community, step-by-step guidance and assistance through the whole process.

Designed for small and mid-size businesses who want to become more secure and get VDA ISA / TISAX® certification effortlessly, even without large budgets, endless paperwork and being overwhelmed by complex VDA ISA requirements and controls.

Implement a VDA ISA / TISAX® compliant ISMS yourself, fast and on budget, without compromising on quality.

Readymade documentation templates, step-by-step guidance, learning materials, experts community, and support. All in one comprehensive toolkit. Eliminate large money, time, and human resource spending by using proven ready-made templates and processes. Focus on what is essential for your career and business instead.
Readymade TISAX® documentation templates
ISMS Toolkit empowers you and your entire team with a structured system of documentation, guides, and templates to help you rapidly build and optimize your ISMS. Eliminate boring paperwork and large time spending by using 95% complete pre-made document templates and step-by-step guidance to fill the remaining 5% with company-specific details.
Step-by-step VDA ISA / TISAX® implementation training

ISMS Academy is a structured information security learning path to assist organizations in managing information security. Academy provides everything you need to get started on your journey towards ISMS implementation and certification. Tailored courses on best practices, standards, policies, and much more. Accessible from any device, anywhere.

Private infosec community
We are here to help. ISMS Connect is a dynamic, fast-growing, and friendly community for anyone involved in information security management or interested in learning more about it. It is a community of people from different companies and backgrounds sharing ideas and knowledge to improve your ISMS and therefore your career.
Expert support and assistance
Toolkit includes everything you need to implement ISMS yourself. If there is something you cannot handle, or you need further advice, we will be there for you, only a click away. Get access to unlimited email support, documentation review, video sessions, and a 1 hour expert consultation to ensure everything is compliant with the standards.
100% No-Risk Money-Back Guarantee

With ISMS Toolkit, you will be able to set up a solid information security management system according to ISO27001 and VDA ISA TISAX standards. All documentation and support provided by professional infosec practitioners with in-depth knowledge and many years of hands-on experience in information security. If you are not satisfied with ISMS Toolkit over the next 15 days, we will refund 100% of your purchase. No questions asked.

1 year of updates

Product updates are free. When the ISMS documentation toolkit is updated, we notify our customers by email so that they can download the new version from the user dashboard.

Unlimited email support

Our team are ready to provide responsive email support at any time during your implementation project. Each question will be answered within 24 hours by our implementation experts.

Kickstart your ISMS implementation today

Move towards a better way of VDA ISA / TISAX® ISMS implementation. Purchase ISMS Toolkit Membership and unlock instant access to all current & upcoming products with 15 days no-risk money-back guarantee.

GUIDANCE & INSTRUCTIONS

Step-by-step guidance, in-built instruction, and info links

The documentation set structure follows the VDA ISA / TISAX® standard and includes instructions for each module, helping you go through every aspect effortlessly and make adjustments according to your business context. Simply follow the structure of the documentation modules, replacing placeholders with your organization-specific details with the help of the clear instructions and tips included in every document.

Built-in instructions

Every document is supported with built-in tips, comments, and detailed instructions that help you fill it in and move through the process without distractions. Just click the links included in the tips and comments to open the related article from ISMS Academy and dive deeper into the topic, clarify something, or learn the subject in detail.

Professional, well-organized system

Professional, well-organized documentation that can be easily reused, customized, and inserted into your company management system, smoothly integrated with existing documentation. The ISMS Documentation package includes 40 Word & Excel VDA ISA template files. All documents are available to download instantly.

No experience or tech skills required

ISMS toolkit makes it easy and painless to create documentation for your information security management system – even as a complete beginner. Easy-to-follow documentation that guides you through every step of the setup and maintenance of your ISMS once implemented and ready for certification against VDA ISA / TISAX®.

Plan and implement with confidence

Complete framework that guides through every step of the ISMS implementation, from zero to full compliance

ISMS Academy is a structured learning path to assist organizations in managing information security, ISMS implementation, and VDA ISA / TISAX® certification. Every module is numbered according to the project context and TISAX® implementation roadmap. So at every stage of the process, you will have clear visibility of your progress and the exact steps you need to take next.

Get overview of the whole process

See exactly what needs to be done. A well-organized and structured system that gives you an overview of the full scope, the timeline, and all the information you need. Get a clear understanding of how much technical work is to be done so you can plan and estimate your project before going into detail.

Keep track of your project

Transparent project management for all team members and stakeholders. Built-in guidance and documentation organization will navigate you through the implementation process, so at every step you know exactly where to start, what is done, what to do next, and how far you are from full compliance.

Learning by doing
Spend 20% of your time learning and 80% of your time actually implementing ISMS — with our help along the way. Learn at your own pace, get the essential guidance, advice, and feedback on your progress directly from the instructor and community, so you will always know if you’re doing everything right.
All the assistance and guidance you need

Live support, assistance through the process, and additional consulting on demand

Toolkit includes everything you need to implement ISMS yourself. If there is anything you cannot handle, or you need further advice on a specific topic, we will be there for you, only a click away. Get an answer to any ISMS questions and implementation issues you may have. Unlimited email support combined with assistance from experts and the private community throughout the whole process.

Assistance through the process

With ISMS Toolkit you will receive all necessary tools, knowledge, and implementation support to effectively set up ISMS yourself and get VDA ISA / TISAX® certified.

Documentation review

Make your ENX TISAX® audit easier and more successful. Get your ready documents reviewed by an expert to ensure everything is filled right and compliant with the standards.

There are hundreds of people facing exactly the same challenges as you

We are here to help. A community of people from different companies and backgrounds sharing ideas and knowledge to improve your ISMS and therefore your career.

Join our international community of infosec practitioners and risk management professionals, who have already learned how to implement ISO27001 and VDA TISAX ISMS in their business and are eager to share their knowledge with you.

Network with ISMS practitioners

The top 1% of information security practitioners in startups, organizations, and enterprises gather to network, explore the most important issues faced during ISMS implementation, and learn how to solve their biggest problems. It’s all about connections. It’s about learning from each other.

Learn from experts

Sharing one’s knowledge is part of the learning experience. Community is more than just a place to ask questions. It’s also a place to connect with other members, share experiences, and learn from one another. With our dedicated channels, you can join up in conversation related to a specific topic.

Support from community

Get help from the community, and inspire others with your own solutions. If you are working on a hard problem, or facing a difficult decision, you can always ask the community for a little help to solve a problem. Any member can then upvote suggestions, ask questions, or comment on posts to help you find the most effective solution.

Unlock access with ISMS toolkit membership

Get full access to all of our currently available and upcoming products, templates, courses, step-by-step guidance, and unlimited support through the implementation process. Everything you need in one single membership. Start instantly with 15 days no-risk money-back guarantee.

Readymade ISO27001 & VDA TISAX documentation templates set with step-by-step implementation guidance

Contains 40+ documents of ISO27001 / VDA TISAX policies, controls, processes and procedures to implement ISMS yourself, meet requirements of the standard, protect customer data and make your business more secure.

Live support, documents review and assistance through the whole ISMS implementation project.

Toolkit includes everything you need to implement ISMS yourself. If there is something you can not handle, or need further advice, we will be there for you, only a click away. Get access to unlimited email support, documentation review, video sessions, and 1 hour expert consultation to ensure everything is compliant with the standards.

ISMS Connect Community for Businesses & People in Infosec Industry

Learn, connect, and level up with the leading ISMS experts and other professionals like you. We are here to help you improve your information security, stay on top of the latest ISMS best practices, learn how to manage risks, protect data and get certified. Find job opportunities and grow as a professional.

Designed based on industry best practices and years of experience

Created by a team of infosec practitioners with in-depth knowledge and many years of hands-on experience in information security, based on industry best practices and the latest standards.

We’re on a global mission to help 100,000 professionals learn, plan and implement an information security management system, protect their customers' data, and make the world more secure.

ISMS Connect was founded in 2015 in Berlin by an enthusiastic team who wanted to make information security easily available for everyone. We are here to provide tools, training, and support to small and medium organizations looking to implement and maintain an information security management system (ISMS) and get ISO27001 or VDA TISAX certified.

8 years of hands-on experience in information security and ISMS implementation.
345 clients from 5 countries helped to implement ISMS and get certified.
10000+ ISMS Toolkit documents prepared and reviewed against ISO and VDA requirements.
ISMS implementation experience professionals love, with the benefits your business needs

ISMS Connect Toolkit eliminates common issues, expenses, and stress during ISMS implementation, giving you the perfect balance of readymade documentation, self-serve implementation process, and expert support.

Implement yourself with ISMS Toolkit and Assistance
Learn and implement ISMS yourself from scratch in-house
Hire an external consultant that will set up ISMS for you.
We found it very enriching to be able to achieve our planned certification so quickly and with such a high level of quality with the help of the toolkit and the great advice. Thanks a lot for this support.
Klemens Vatterodt
Team Lead Service Delivery, COYO GmbH
Instant access with ISMS TOOLKIT MEMBERSHIP

Get full access to all of our currently available and upcoming products, templates, courses, step-by-step guidance, and unlimited support through the implementation process. Everything you need in one single membership.

Plus

Perfect for IT specialists

€990

Lifetime license, 1 year of support & updates, 1 company, 1 user

ISMS Documentation Toolkit
ISMS Academy
ISMS Connect
ISMS Assistance

Professional

For small & medium business

€1490

Lifetime license, 1 year of support and updates for 1 company, 10 users

ISMS Documentation Toolkit
ISMS Academy +
ISMS Connect
ISMS Assistance +

White Label

For infosec consultants

€2790

Lifetime license, 1 year of support and updates for 1 company, 10 users

ISMS Documentation Toolkit
ISMS Academy +
ISMS Connect
ISMS Assistance +

ISMS Toolkit is a collection of tools & templates designed to help you implement an information security management system (ISMS) compliant with the two most popular security standards: ISO27001 (the international standard for information security management) and VDA ISA (TISAX) (the information security standard for the automotive industry). The toolkit includes templates and guidance to create all ISO27001 and VDA ISA policies, controls, processes, and procedures to meet the requirements of both standards, protect customer data, and make your business more secure.

TISAX stands for “Trusted Information Security Assessment Exchange”. VDA ISA (TISAX) is a control system for security information. It provides guidelines to ensure an appropriate level of security for IT systems in the automotive industry. VDA ISA (TISAX) refers to the management of information technology as a critical infrastructure. In addition to data protection, this also includes all aspects of Information Security, such as confidentiality, integrity, and availability. It consists of requirements from VDA ISA (Verband der Automobilindustrie Information Security Assessment), which were confirmed by TÜV Rheinland on behalf of VDA in the course of their annual audits.

Yes, but the VDA / ISA TISAX standard is free of charge. We would recommend getting a copy of the standard itself from the official VDA ISA website. First of all, without one, you may find that you spend more time than necessary trying to locate answers to your questions. Having the actual source document will help you better understand all the information needed for the implementation process.

Secondly, during the certification process you will need to show the auditor which criteria your ISMS is built against, so de facto it’s required for certification.

No, we don’t offer certification. Our goal is to help you set up an information security management system yourself with ISMS Toolkit and prepare your organization for the certification audit. To arrange certification, you need to contact a Registered Certification Body (RCB) in your region who will conduct a two-stage audit to verify that you are compliant with standard requirements.

Normally, the whole process can take up to 12-18 months depends on the size and complexity of your organization, and there are a number of stages that need to be completed before you can be standard certified. Even though many organizations focus on Information Security, the implementation of ISMS is not easy for everyone. There is a lot of work involved to prepare for an audit and be ready for certification. Even more without proper planning, the cost of certification can be extremely high with little to no return on investment.

In the same time, from our practice we know it’s possible to acchieve certification much faster (4-6 month) and with less expenses. And a lot of our customers actually do that. ISMS Toolkit helps you cut certification time from 1-1,5 year to a few month saving thousands of budget in the process.

In addition, there are several more conditions that you should to consider:

  • Having an information security responsible / project manager that is ISO or IT from start that is commited and can work every day or every other day on ensuring that tasks are carried out and defined processes are taken in place.
  • Top management must commit and transfer responsibility to release documents to this person.
  • Having an existing certification like 9001 helps to achieve the best target of 3-4 months.
  • The size of the organization has a lower impact (e.g. 100-500 employees is often the same); a larger number of locations has a bigger impact.
  • Motivation to adopt new processes throughout departments.
  • Close cooperation with HR & IT.

The TISAX® Label is one of the most respected certificates for information security in the automotive industry. Setting up an Information Security Management System (ISMS) for your company can be a lot to take on. It requires a lot of risk assessments, policies, and procedures, which all need to be reviewed and put together by someone in-house who has the necessary technical know-how. There are plenty of information security consulting companies out there that can provide an ISMS, but they often charge a lot for their services and require additional onboarding projects. While external consultants are a good option for top-level companies, they are too expensive and time-consuming for small to medium enterprises. The cost of hiring an external consultant is often pretty high, and finding and managing one requires additional time.

Small companies with fewer than 100 employees can expect to pay less than €10,000. Companies with over 100 employees and over €10 million in revenue can expect to pay more than €50,000.

ISMS Toolkit is designed to eliminate large spending of money, time, and human resources on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Avoid spending thousands on consultants who deliver the same as the toolkit, and save over 90% compared to the cost of an ISMS consultant with no effect on the documentation quality and business outcomes.

Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, a step-by-step plan, and the help of a third party, achieving certification takes months of research, trial, and error. That’s why we created ISMS Toolkit.

ISMS Toolkit gives you a clear overview of the whole process.

See exactly what needs to be done. A well-organized and structured system gives you an overview of the full scope, the timeline, and all the information you need. Get a clear understanding of how much technical work is to be done so you can plan and estimate your project before going into detail.

The assessment gives you the opportunity to see how your information security management system (ISMS) stacks up to the requirements of VDA ISA. The risk of not passing the TISAX assessment is very real. If your ISMS does not have the necessary maturity level (the target maturity level is 3), you run the risk of non-compliance, which could lead to hefty financial penalties or even losing customers. This is why you need a plan in place so that you can be as prepared as possible before going into the assessment.

Internal assessment:

An internal assessment can’t be failed, but it can lead to poor results. Your self-assessment is important because the testing service provider uses these results as its starting point. The most common result is a maturity level lower than 3, because some little things are missing or not implemented yet, so you need to redo it. In that case you can always contact us to look into the results, remedy discrepancies, and help you come up with a better solution.

External assessment:

The assessment result can be one of three possible outcomes: compliance, temporary certificate, or non-compliance. The most common one is compliance. This is where everything is in order and there are no outstanding issues (maturity level 3). However, sometimes an organization will receive a temporary certificate due to outstanding issues that need to be corrected. The last outcome is non-compliance. This means your systems don’t meet the requirements, and you haven’t passed the re-assessment or your review period has been exceeded.

Yes. Most of the documents described in security standards are mandatory. These documents act as proof of a proper Information Security Management System. To verify your compliance, the auditor will review all the ISMS documentation, which means that whatever is not written down in your documentation simply does not exist from the auditor’s point of view. Having all required ISMS documentation in place is a key element of successful security standards certification.

Yes, sure. We believe information security doesn’t need to be hard. Our goal is to give companies the tools they need to tackle the topic of “information security” themselves. ISMS Toolkit is designed to help you implement an ISMS yourself with step-by-step guidance and support, without time- and budget-consuming external consulting services.

Yes, but it can be a variety of persons, such as an IT manager, a quality manager, or someone close to IT; a data protection officer is also possible. We also offer the position of external ISO as a bookable service.

Yes, we can help you with the assessment. In addition to support and assistance through the process, we would be happy to advise and support you with assessments through our customizable service options.

We're here to help

Have another question? Feel free to contact us; we’ll be happy to answer any questions or help you with your purchase.