Purchasing

TISAX at ZF LIFETEC

In today's interconnected and information-driven business landscape, it is essential to have robust information safeguards in place. Many of our customers have incorporated TISAX requirements into their Terms & Conditions, necessitating that we, along with our supply chain, demonstrate a mature Information Security Management System (ISMS). 

Therefore, ZF LIFETEC requires TISAX certification for suppliers who meet the relevant criteria, and the certificate must be maintained in the in the SupplyOn Business Directory. The valid certificate is a prerequisite for sourcing. 

For more information on SupplyOn Business Directory, see our Digital Business Page

TISAX Relevance

TISAX certificate is required by a supplier who meets one or more of the criteria below:

• Work with confidential data
• Have system access to ZF LIFETEC Information
• Obtain copies of sensitive ZF LIFETEC documents (Drawings)
• Provide parts specific to ZF LIFETEC requirements

Levels of TISAX Certification

We expect that relevant suppliers will conduct Assessment Level 3 (AL-3). The core module is the ISMS (Information Security Management System).  Depending upon the business relationship with ZF LIFETEC, modules Data Protection / Prototype Protection may also be required.

What is TISAX

TISAX, or Trusted Information Security Assessment Exchange, is a certification standard designed to assess a company's capability to comply with comprehensive information security process standards across the entire organization. 

TISAX Governance

The ENX Association <Welcome to TISAX · ENX Portal> was formed in 2000 by European auto manufacturers, suppliers and associations to define and oversee industry standards. 

Is there a cost for TISAX?

Yes, there is a cost. ZF LIFETEC does not cover the cost for supplier TISAX certification.

• Registration with ENX

See document from ENX, subject to update the List

• Audit costs

This is dependent upon the size of your organization and auditor’s cost.  See link here < TISAX Audit Provider · ENX Portal> for list of approved auditors.

Is it sufficient that we certify only one location (Headquarter)?

A supplier must certify ALL locations that are supplying products / services to ZF LIFETEC

I’m already certified, now what?

Please share your certificate with us via SupplyOn Business Directory. We need to know:

• Assessment ID
• Assessment Level (We require AL3)
• Validity date

How can I find more information on SupplyOn Business Directory?

Contact your ZF LIFETEC Buyer and ask him/her to start the onboarding process for SO Business Directory.

• ZF LIFETEC PM GTCP Acceptance

General Supplies / Condition of Purchase International

• General Terms and Conditions of Purchase (valid as May 2019)

Deliveries to German Plants

• General Terms and Conditions of Purchase (valid as of Oct 2002)
• Conditions for Transactions of ZF Plants in Germany (Version May 2019)

Tooling Terms and Conditions (for Tooling used by suppliers funded by ZF LIFETEC)

• ZF Tooling Terms and Conditions of Purchase (not acceptable for Tools used in ZF facilities, for those, see section "Non production material" below)

Tool Invoicing

• Note to Suppliers of ZF LIFETEC (on the invoicing of Tools and Handling of VAT)

Tool Dataset

• to be attached to Supplier´s invoice

Machinery Terms

• ZF-Purchasing Conditions for Machines and Mechanical Devices

Software Terms

• General Purchasing Terms and Conditions for IT services

Technical Delivery Specifications

• ZF Technical Delivery Specification for Machines and Machine Systems