Pre-Assessment
What it is: Simulation of official assessment to verify readiness
Objective: Validate if the organization is ready for formal assessment
Duration: 1-2 weeks
Main Activities:
-
Mock Assessment Execution: Full simulation of the formal TISAX assessment process
-
Control Testing: Comprehensive testing of implemented security controls and processes
-
Documentation Verification: Review of all required documentation for completeness and accuracy
-
Interview Simulation: Practice sessions with key personnel to ensure readiness
-
Evidence Validation: Verification that all required proof points are available and accessible
-
Final Gap Identification: Discovery of any remaining issues or areas needing attention
Testing Areas:
-
Technical Controls: Network security, access controls, encryption, monitoring systems
-
Administrative Controls: Policies, procedures, training records, incident logs
-
Physical Controls: Facility security, environmental protections, access logging
-
Operational Controls: Change management, backup procedures, vulnerability management
Quality Assurance:
-
Documentation completeness check
-
Process maturity validation
-
Staff readiness assessment
-
System configuration verification
-
Compliance evidence organization
-
Key Deliverables:
-
Pre-assessment findings report
-
Readiness checklist with completion status
-
Final remediation recommendations
-
Assessment preparation guidelines
-
Staff interview preparation materials
Result: Readiness report with final recommendations and go/no-go decision