Celonis_TISAX_Compliance_1_.pdf
- 2. Introduction With its Process Mining Technology Celonis offers a state-of- the-art tool for analyzing business processes within the company. By visualizing the as-is processes, Celonis supports companies in simplifying existing processes and thereby increasing their efficiency and quality. Having optimized processes leads to increased employee satisfaction, too. When using the Process Mining Technology, Celonis helps you as the analyze and visualize the provided data as analyzed within the Intelligent Business Cloud. Celonis has taken multiple efforts to ensure compliance with several information security frameworks and standards, providing you with the assurance that Celonis is a trustworthy processor of all your data.
- 3. Security highlights ISO 27001 certified SAML and OpenID based SSO Secure Software Development Life Cycle 3rd Party Audits and Pen-testing Password policy and built-in 2 Factor Authentication Data encryption at rest and in transit For detailed description please visit https://www.celonis.com/trust-center/
- 4. About TISAX • TISAX (https://enx.com/tisax) stands for Trusted Information Security Assessment Exchange and was developed through the German Automotive Industry Association (Verband der Automobilindustrie) in association with European automotive manufacturers called the European Network Exchange (ENX). • TISAX is a registered trademark and governed by the ENX Association. • The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for general public. • TISAX is an automotive industry standard Information Security Standard (ISA) evaluation catalog on key aspects of securing the information. • The catalogue of underlying TISAX requirements provides common standards for IT security measures, and enables companies registered in TISAX to share assessment results on the ENX portal.
- 5. TISAX Assessment Levels • Includes performed self- assessment • Review of plausibility • Is a plausibility check with a detailed assessment • Plausibility check means that the descriptions provided and the evidence for every VDA-ISA control can be checked. • Between 6 to 10 controls are checked • Is a complete detailed assessment • This means that all descriptions and evidence for each VDA ISA control are considered and verified in detail • Includes on-site audit AL 1 AL 2 AL 3
- 6. TISAX AL3 Assessment Process Supported by Quality of Evidence Maturity level Start request On-site evaluation Follow-up report Submission of evidence Preliminary verification Quality description of Control implementation 1 2 3
- 7. Celonis and TISAX • In March 2020 an independent ENX-accredited auditor, TÜV Rheinland, completed the TISAX assessment against TISAX specifications and IT security requirements. • The TISAX assessment was focused on Celonis Intelligent Business Cloud services based in Munich, Germany. • Celonis was assessed per Assessment Level (AL) 3 based on VDA ISA Version 4.1.1 • The result is exclusively retrievable over the ENX Portal: https://portal.enx.com/en-US/
- 8. Celonis TISAX assessment results • Industry representatives registered with ENX can find details on the TISAX assessment within the ENX Portal • To search for assessment results, sign in to your existing TISAX account, and search for Celonis. Alternatively, you may narrow your search using the information below: • Assessment ID: ATZK8V-1 • Scope ID: S4VRNV
- 9. Addendum This document is provided for informational purposes only. It represents Celonis’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Celonis’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Celonis, its affiliates, suppliers or licensors. The responsibilities and liabilities of Celonis to its customers are controlled by Celonis agreements, and this document is not part of, nor does it modify, any agreement between Celonis and its customers. Disclaimer