TISAX Costs & Process

What Does a TISAX Assessment Cost?

The costs of a TISAX assessment vary considerably depending on company size, number of sites, chosen assessment level, and scope (number and type of labels). There is no one-size-fits-all answer, but we can break down the cost factors transparently so you can plan realistically.

Key Cost Factors

ENX Registration Fee

Registration on the ENX Portal is the first cost item. The fee depends on the number of sites and the scope. For a single site with one assessment scope, it typically amounts to several thousand euros. For multiple sites, the fee increases accordingly. The registration fee covers the administration of the assessment on the ENX Portal and the publication of results.

Audit Day Rates

Accredited audit providers charge day rates between 1,200 and 1,500 EUR per day. The audit duration depends on the assessment level and scope:

• AL2 (Remote): Typically 2-3 days for one site with one label scope
• AL3 (On-site): Typically 3-5 days for one site, including physical inspection
• Each additional site or label scope extends the audit by 1-2 days

Add travel costs for AL3 (transportation, hotel) and potentially preparation days for the auditor to review documentation.

Internal Costs

The largest cost block is often the internal personnel effort: gap analysis, ISMS development, policy creation, training, self-assessment, and audit preparation tie up resources for weeks or months. Budget for at least one full-time equivalent for the project duration (for SMEs) up to a multi-person project team (for enterprises).

Additional internal costs: tool licenses (GRC software, SIEM, MDM), technical measures (MFA rollout, encryption, network segmentation), physical security measures (access controls, cameras), and external consulting.

Total Cost Ranges by Company Size

These ranges cover total initial costs including consulting. Companies with an existing ISO 27001 certification typically fall at the lower end of the range, as a large portion of the requirements are already met.

Timeline: How Long Does It Take?

The preparation time depends heavily on whether you have an existing ISMS. Here are realistic timelines with Kopexa:

These timelines assume that you allocate dedicated resources to the project. If TISAX preparation runs "on the side," timeframes typically double in our experience. The preloaded ISA catalog and measures catalog in Kopexa typically saves 4-6 weeks of manual preparation work.

Recertification After 3 Years

TISAX labels are valid for 3 years. After that, a re-assessment is required. The good news: recertification typically costs 60-70% of the initial costs, since the ISMS is already in place and only delta reviews are necessary. The timeline is significantly shorter — plan for 4-8 weeks of preparation.

Important: Begin recertification planning at least 6 months before the label expires to remain seamlessly visible on the ENX Portal. More details can be found on our TISAX Recertification page.

Cost Saving Tips

• Keep scope narrow: Only the sites and labels that the OEM actually requires. Each additional site costs 5-15k EUR extra.
• Use ISO 27001 as a foundation: If you need an ISMS anyway, start with ISO 27001 and extend to TISAX. This saves 30-40% compared to two separate projects.
• GRC tool instead of Excel: Manual gap analyses in Excel are error-prone and time-consuming. A preloaded catalog like in Kopexa saves weeks of preparation work.
• Compare audit provider quotes: Day rates vary by 20-30% between providers. Getting two to three quotes pays off.
• Start early: Time pressure leads to expensive emergency solutions and external consulting costs. Plan for at least double the timeline.

A detailed step-by-step guide can be found in our TISAX Checklist. Tips for optimal preparation for audit day can be found on our Audit Preparation page.