Simplify your ISMS journey and get certified faster

ISMS Toolkit is a collection of tools & templates designed to help you implement an information security management system (ISMS) compliant with the two most popular security standards: ISO 27001 (the international standard for information security management) and VDA® ISA (TISAX®) (the information security standard for the automotive industry).

TISAX® (Trusted Information Security Assessment Exchange) is an information security standard tailored to the needs of the automotive industry. It's a standard that vehicle manufacturers, automotive suppliers, IT service providers, consultants and third-party software vendors can use to meet their information security requirements for automobile production. TISAX® certification is a compulsory requirement for many automobile manufacturers and suppliers to the German automotive industry.

The TISAX® is based on an Information Security Assessment (ISA) developed by the VDA® (Association of the Automotive Industry), which was first used by member companies of the VDA® for inspections of suppliers and providers whose companies process sensitive information. The goal of the TISAX certification is to increase transparency in the automotive industry by certifying suppliers based on their ability to secure critical data.

TISAX® in its core is based on essential requirements of ISO 27001 international information security standard, but is more specific to automotive and reflects automotive-specific topics, such as external communication channels and interfaces.

Yes, the TISAX® and ISO 27001 audits can be combined. To do so you should choose audit body certified approved for ISO 27001 and TISAX®. This allows both assessments to be carried out simultaneously and save time and efforts.

No, we don't offer certification. Our goal is to help you set up an information security management system yourself with ISMS Toolkit and prepare your organization for the certification audit. To arrange certification, you need to contact a Registered Certification Body (RCB) in your region who will conduct a two-stage audit to verify that you are compliant with standard requirements.

Small companies with fewer than 100 employees can expect to pay around €10,000 to an certification body.
We help all customers of ISMS Connect to choose a fair offer of the certification body.

Additionally, a consultant can charge up to 50.000€ for a small or medium sized project to help you implement all requirements.

ISMS Connect is designed to eliminate large money, time, and human resource spending on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Prevent thousands spent on consultants delivering the same toolkit and save over 90% compared to the cost of ISMS consultant with no effect on the documentation quality and business outcomes.

Absolutely! We believe information security doesn't need to be hard. Our goal is to give companies the tools they need to tackle the topic of “information security” themselves. ISMS Connect designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.

Absolutely! We believe information security doesn't need to be hard. Our goal is to give companies the tools they need to tackle the topic of “information security” themselves. ISMS Connect designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.

We suggest to! Most of the documents described in security standards are mandatory. These documents act as proof of a proper Information Security Management System. To verify your compliance auditor will review all the ISMS documentation, which means that what is not written down in your documentation needs to be proven in another way. Having all required ISMS documentation in place is a key element of successful security standards certification.

The audit gives you the opportunity to see how your information security management system (ISMS) stacks up to the requirements of ISO 27001 or TISAX®. The risk of not passing the audit is very real. If your information security management system (ISMS) is not in line with the requirements of ISO 27001 or TISAX®, you run the risk of non- compliance, which could lead to hefty financial penalties or even losing customers. This is why you need a plan in place so that you can be as prepared as possible before going into the audit.

Internal audit:
Internal audit can't be failed but can lead to poor results. There is no direct influence on the external audits besides consuming time. The most common result is remedy discrepancies, so you need to re-do it. To do so you can always contact us to look into results to remedy discrepancies and help you to come up with a better solution.

External audit:
The audit can result in one of three possible outcomes: compliance, temporary certificate, or non-compliance. The most common one is compliance. This is where everything is in order and there are no outstanding issues. However, sometimes an organization will receive a temporary certificate due to outstanding issues that need addressing. The last outcome is non-compliance. This means you're not audited properly or your systems don't meet the requirements, so you require at least one improvement action before the next audit date.

ISMS Connect includes an Pre-Audit Check to ensure that your organization is audit-ready.

You can pay by credit card or via SEPA direct debit.

No, you can use the documents in your own organization without any restrictions after downloading - even after cancelling the subscription.

1SO 27001 s a leading international information security standard, specifying the requirements for an organization's information security management system (ISMS). An ISMS is a documented set of policies, procedures, processes, and controls that are designed to address all aspects of information security within your organization. The standard was first published in 2005 and has been updated incrementally since then. ISMS is based on the fundamental concepts of information security including people, processes, and technology. ISO 27001 is recognized by governments and regulatory agencies across the globe. We've created this toolkit to help you get up and running with ISO 27001 quickly and easily, using best practice documentation methods.

Companies looking to certification must register with ENX® as a participant on the TISAX® online portal and at least one TISAX® Assessment Scope. TISAX® participation process contains multiple steps:

- Preparation. Research and study TISAX® requirements.
- Registration. Register on the TISAX® portal, select auditing body and prepare for audit.
- Self-assessment. Internal process to measure current level of compliance.
- Initial assessment. Audit execution depends on your qualifying for remote (Level 2) or physical (Level 3) audit.
- Assessment includes auditor interview, documentation review, and clarification of possible gaps and next steps.
- Corrective action plan. This step includes the preparation of an action plan to correct any initial audit finding (gaps) and submitting it to the audit provider.
- Follow-up. After corrective action plan is submitted it assess through follow up and TISAX® report.
- Reporting and exchange. The auditor providers upload results of the audit to the TISAX® platform and the audited company decides how would they like to share the results with selected suppliers and service providers. The audited company also receives TISAX® labels from ENXe.

Yes. We would recommend getting a copy of the resepective standard itself from the ISO® official website (or Beuth) and VDA® ISA website. First of all without one, you may find that you spend more time than necessary trying to locate answers to your questions. Having the actual source document will help you better understand all the information needed for the implementation process.

And secondly during the certification process you will need to show auditor which criteria your ISMS is built against, so defacto it's required for certification.

Normally, the whole process can take up to 12-18 months depends on the size and complexity of your organization, and there are a number of stages that need to be completed before you can be standard certified. Even though many organizations focus on Information Security, the implementation of ISMS is not easy for everyone. There is a lot of work involved to prepare for an audit and be ready for certification. Even more without proper planning, the cost of certification can be extremely high with little to no return on investment.

In the same time, from our practice we know it's possible to achieve certification much faster (3-6 month) and with less expenses. And a lot of our customers actually do that. ISMS Toolkit helps you cut certification time from 11,5 year to a few month saving thousands of budget in the process.

In addition, there are several more conditions that you should to consider:

Having an information security responsible / project manager that is ISO or IT from start that is commited and can work every day or every other day on ensuring that tasks are carried out and defined processes are taken in place.

Top management must commit and transfer responsibility to release documents to this person. Having an existing cert. like 9001 helps to achieve best target of 3-4 months.

Size of organization has lower impact (e.g. 100-500 employees often the same), more number of locations is a bigger impact.

Motivation to adopt new processes thorough departments.

Close working with HR & IT.

Small companies with fewer than 100 employees can expect to pay around €4000 to an certification body for an AL2 assessment.

We help all customers of ISMS Connect to choose a fair offer of the certification body.

Additionally, a consultant can charge up to 50.000€ for a small or medium sized project to help you implement all requirements.

ISMS Connect is designed to eliminate large money, time, and human resource spending on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Prevent thousands spent on consultants delivering the same toolkit and save over 90% compared to the cost of ISMS consultant with no effect on the documentation quality and business outcomes.

Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, step-by-step plan, and the help of a third party, achieving certification take months of research, trial, and error. That's why we created ISMS Connect.

ISMS Connect gives you clear overview of the whole process.

Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, step-by-step plan, and the help of a third party, achieving certification take months of research, trial, and error. That's why we created ISMS Connect.

ISMS Connect gives you clear overview of the whole process.

See exactly what needs to be done. A well- organized and structured system that gives you an overview of the full scope, timeline all information you need. Get a clear understanding of how much technical work is to be done so you can plan and estimate your project before going into detail.

Yes, but can be a variety of persons like IT manager, quality manager, or something close to IT, Data protection officer also possible. We are pleased to help you find the right person for this job.

Yes, we can help you with audit preperation and preparing the assessment. In addition to support and assistance through the process, we would be happy to advise and support you with audits with our customizable service options.

After payment, you can login with your credentials to access your user account and all content in your plan. If you pay by credit card, your access is instantly available.

Of course. We believe information security doesn't need to be hard. Our goal is to give companies the tools they need to tackle the topic of "information security” themselves. The ISMS Toolkit is designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.

ISMS Connect is an independent consultancy and not affiliated with ENX® TISAX,VDA® ISA, ISO® or DIN®.

ISMS Connect company is not a part and not affiliated with any other company. Additionally, This site is NOT endorsed by any other company including those listed below.

TISAX® is a registered trademark of the ENX Association.VDA® is a registered trademark of Verband der Automobilindustrie.ISO® is a registered trademark of the International Organization for Standardization.DIN® is a registered trademark of Deutsches Institut fiir Normung (German Institute for Standardisation).