TISAX ยท Advisory Service Components

For organizations building the VDA ISA 6.0 ISMS foundation.

Advisory engagements are the bladestack.io core. We deploy a TISAX-specialist lead with two to four engineers who embed with your security, engineering, and facilities teams across the assessment scope. The goal is not to hand you a report. It is to build an ISMS, prototype protection program, and technical control environment that pass the ENX-accredited assessment at your target level and label set. Whether you are starting from ISO 27001 alignment, a legacy SOC 2 program, or nothing formal, we scope the engagement against your OEM contract requirements, your assessment objectives, and the timeline you are committed to.

  • TISAX Readiness Review For organizations evaluating their TISAX posture before committing to an assessment. An 8 to 10 week technical deep-dive into your ISMS, prototype workflows, OT boundaries, and supplier data flows. We produce a control-by-control maturity scoring against the relevant VDA ISA 6.0 sections, a prioritized gap remediation roadmap mapped to your OEM deadlines, a scope ID recommendation for the ENX portal registration, and a realistic timeline to audit readiness. Right entry point when you have not yet registered with ENX or you need to size the full program before committing advisory budget.
  • Phase 0: TISAX Discovery Fast Track For organizations committed to the full certification journey. Accelerated discovery that bypasses the standalone assessment and flows directly into implementation. We produce foundational artifacts including your asset and system inventory, data classification matrix for pre-series and serial production data, prototype protection perimeter map, and governance architecture blueprint. Everything discovered becomes input for the build phase. No assessment report gathering dust while you decide next steps.
  • TISAX Advisory Engagement The core engagement. We design and build your complete TISAX program. ISMS documentation for VDA ISA 6.0. Prototype protection architecture for Proto Parts, Proto Vehicles, or Test Vehicles labels where in scope. Supplier data flow controls for Info High and Info Very High labels. Data protection integration for Data and Special Data labels where GDPR alignment is required. We embed with your ML, platform, and OT teams, work through implementation challenges together, and ensure governance designs translate into operational reality. Typical duration is 5 to 7 months.
  • Sentinel: Assessment and Audit Support We stay until labels are issued. Evidence coordination for AL2 plausibility checks and AL3 on-site audits. Interview preparation for your technical stakeholders. Real-time response to auditor findings. CAP execution alongside your engineering team. Follow-up plausibility check management with the audit provider. ENX portal coordination through label issuance. The engagement ends when your labels are visible on the ENX portal, not when documentation delivery is complete.

Every deliverable reflects your actual infrastructure. Your prototype floor. Your supplier portals. Your production pipelines. Documentation that your engineers recognize as accurate descriptions of systems they built and operate daily. When auditors review our packages, technical claims trace to implementation evidence, governance controls trace to infrastructure configurations, and interviews validate rather than contradict written artifacts.

Includes:

  • TISAX Readiness Review
  • Phase 0 Fast Track Discovery
  • Full ISMS Documentation (VDA ISA 6.0)
  • Prototype Protection Architecture
  • Supplier Data Flow Controls
  • Scope ID and ENX Portal Registration Support
  • Internal Audit Rehearsal
  • Sentinel Assessment and Audit Support Through Label Issuance