Within TISAX® there are 3 assessment levels (AL1-3) and 10 assessment objectives, also known as TISAX® labels, depending on the grade protection requirements. You must select the appropriate ALs and test targets depending on your client’s requirements. To give you a better overview, we have compiled an overview here:
The assessment levels
Assessment level 1
Normal protection requirements
The lowest level: The AL1 is a pure self-disclosure and is hardly used in common practice. They are primarily used for internal purposes, have little informative value and are not used in TISAX®. The AL1 is identical to the VDA-ISA questionnaire with the difference that the results are shared simultaneously via the TISAX® platform.
Assessment level 2
High protection requirements
In addition to its own assessment of the security level, the AL2 undergoes a plausibility check by means of a telephone interview with an external testing service provider.
An on-site visit can take place in addition to this telephone call, for example at:
- Ambiguities and deviations
- Test objective “prototype protection” (independent of the protection requirement)
- Test objective “Connection of third parties” (independent of protection requirements)
Assessment level 3
Very high protection requirements
With the AL3, a direct plausibility check of your self-assessment is always carried out on site by an accredited auditor.