The Right Customer Requirements

Why customer requirements matter in TISAX

TISAX exists to help automotive organisations demonstrate that they properly protect sensitive information. OEMs and Tier 1 suppliers use TISAX to decide whether a supplier can be trusted with their data. For this reason, customer requirements sit at the centre of the TISAX process.

Many customer contracts and RFQs now state clearly which TISAX labels or assessment levels are required. If these requirements are not met, work may not begin. Understanding what the customer expects at an early stage helps avoid wasted effort and missed opportunities.

Starting with ENX registration

The TISAX process begins with registration on the ENX platform. This step registers the organisation as a TISAX participant and allows an assessment to take place. Early registration is important because it sets the foundation for everything that follows.

During registration, organisations define their assessment scope and assessment objectives. These choices directly affect cost, timelines, and audit effort. Delaying registration often delays the entire project and increases pressure later in the process.

Getting the Right Customer Requirements from the start

Scoping defines what will be assessed and where the assessment applies. This includes locations, IT systems, people, and processes that handle customer data. According to the TISAX Participant Handbook, the assessment scope must cover all areas that process or protect customer information.

Poor scoping is one of the most common causes of problems during TISAX assessments. If something is missed, the scope may need to be changed, which can trigger additional audit work, delays, or even reassessment. Clear scope planning helps avoid these risks.

How Assessment Levels affect customer expectations

TISAX uses Assessment Levels (AL) to match audit depth to information risk.

AL1 – Self‑assessment
AL1 is for internal use only. It confirms that a self‑assessment exists, but the content is not reviewed in detail. AL1 is not accepted by OEMs or Tier 1 suppliers as proof of compliance.

AL2 – Independent assessment
AL2 is the most common customer requirement. It applies where information has high protection needs. Evidence is reviewed, and staff are interviewed, usually remotely. AL2 results can be securely shared with customers via the ENX platform.

AL3 – Full on‑site assessment
AL3 is required where information protection needs are very high, such as for strictly confidential data or prototype work. The auditor verifies controls through on‑site checks, observations, and detailed interviews. AL3 provides the highest assurance and automatically covers AL2 requirements.

Choosing the correct assessment level based on customer need is essential. Over‑scoping increases cost, while under‑scoping risks rejection.

Supporting RFQs and reducing risk

Clear planning, correct scoping, and alignment to the right assessment level help organisations respond confidently to RFQs. Customers see clear evidence that controls are in place and verified. This reduces risk, avoids delays, and supports long‑term supplier relationships across the automotive supply chain.