TISAX · Graham Miranda Network

TISAX readiness for automotive supply chain

TISAX preparation for German automotive suppliers and tier-N partners — VDA ISA mapping, documentation lift, evidence collection and audit prep. Designed for medium-sized suppliers that need TISAX label for OEM business but do not have a dedicated compliance team.

서비스 열기 ↗문의

TISAX readiness · VDA ISA · automotive supplier security · TISAX audit prep

TISAX readiness for automotive supply chain Graham Miranda service overview

개요

이 페이지에서 다루는 내용

TISAX preparation for German automotive suppliers and tier-N partners — VDA ISA mapping, documentation lift, evidence collection and audit prep.

Scoping: VDA ISA assessment level (AL1/AL2/AL3) and information security goals
Gap assessment against VDA ISA controls
Documentation lift: ISMS framework, policies, procedures
Evidence collection for control implementation
Audit-prep workshops with rehearsal of likely auditor questions

진행 방식

명확한 마일스톤을 갖춘 투명한 협업 모델.

Scoping

Confirm which TISAX assessment level is contractually required, which information classes (confidential / strictly confidential / protection of prototypes / data protection) are in scope.

Map & lift

Map current controls against VDA ISA. Build out missing policies, procedures and evidence over 4–9 months.

Audit prep

Rehearse audit interviews, organise evidence, coordinate with ENX-accredited auditor for the formal assessment.

기대되는 결과

과장 없는 현실적이고 정직한 기대치.

OEM-ready

TISAX label achievable within reasonable timeline.

Documented ISMS

Information security management system that survives staff change.

Audit confidence

Team has practiced; evidence is organised.

Reusable

Documentation also supports ISO 27001 or BSI Grundschutz adjacent work.

Network depth

자주 묻는 질문

Graham Miranda 서비스 영역을 비교하는 방문자를 위한 간결한 답변.

Are you ENX-accredited auditors?

No — TISAX audits must be conducted by ENX-accredited audit providers. We prepare you for the audit; we do not perform the formal assessment.

Which TISAX level is right for us?

OEMs and tier-1 customers usually specify the required level in the contract or RFQ. AL2 is most common; AL3 for highly sensitive information including prototype protection.

How long does preparation take?

AL2 readiness: typically 4–6 months from baseline. AL3 with prototype protection: 6–9 months. Compresses where ISO 27001 maturity is already present.

Do you cover prototype protection?

Yes — physical and information security requirements for prototype protection are covered, with the caveat that final physical-security work (vaults, controlled rooms) is implemented by physical-security specialists.

What about data protection (VDA ISA chapter)?

Yes — the data protection objective is covered, combining with GDPR readiness work where useful.

Can we keep TISAX after the initial label?

Yes — annual maintenance, retests and 3-year recertification cycles are supported via retainer arrangements.

다음 단계