References

More than 50 certification projects, each with a result.

Five of them in detail: numbers instead of adjectives. In several ongoing mandates IX provides the external Information Security Officer. Further references on request in the first call.

Case 1 · TISAX · anonymized

Automotive supplier, USA and Mexico

Starting point

An automotive supplier headquartered in the USA with production in Mexico faced two parallel TISAX requirements from US OEMs: a label at Assessment Level 3, the highest assessment level with an on-site assessment, was required at both sites. Starting point: no ISMS, no prior ISO experience, no existing documentation at all.

Brief to IX

Turnkey: end-to-end support across both sites. IX owned the complete document stack, the maturity evidence, and the on-site assessment support in the USA and in Mexico, and provides the external information security officer.

Course

Here it was not a matter of raising an existing ISMS to TISAX level, but of building everything from zero, in two countries in parallel. Beyond documentation, that meant above all change management: processes and responsibilities had to be established and lived at both sites before they were provable. From the start to the temporary label took 7 months.

Result

Temporary TISAX label at Assessment Level 3 for both sites in April 2026.

Case 2 · TISAX

Orange Business

Starting point

Several OEM customers required a TISAX label, with a twelve-month deadline. An ISMS existed, partly at other sites; there was no prior TISAX experience. Originally several sites were in scope for Assessment Level 3.

Brief to IX

TISAX readiness (Assessment Level 3) for the Germany site. IX owned the scoping, the complete document stack, the maturity evidence, the internal audit including risk management, and the assessment support, and provided the external information security officer.

Course

The decisive move was the scoping: given the internal organization, the scope boundaries were drawn clearly and sites were deliberately kept out of scope, rather than forcing every site through the assessment. Within the agreed scope. On time. On budget.

Result

TISAX label for Assessment Level 3 issued in June 2024.

Working with ISEGRIM X AG on our TISAX® implementation was a seamless and efficient experience. Their team not only brought deep expertise in information security but also ensured a highly structured and cost-conscious approach. Through close collaboration and well-coordinated project management, we were able to achieve the TISAX® label exactly as planned, without delays and within budget. Their role as external Information Security Officers was instrumental in making the process smooth and stress-free.

Denis Lima, Security & Compliance Architect Europe, Orange Business

Case 3 · CMMC · anonymized

US defense-industry service provider

Starting point

A US service provider with contracts in the orbit of the US Department of Defense had to demonstrate its readiness for CMMC Level 2, and needed a solid picture of its gaps against the requirements.

Brief to IX

A gap analysis against the requirements of CMMC Level 2 (NIST SP 800-171), carried out together with a US partner. Delivery ran entirely over US infrastructure; no project data left the USA.

Course

From the workshop to the results took 5 days. In that time, 28 documented findings and 5 deliverables were produced, including the complete gap picture and the prioritized action plan.

Result

Within a week the customer received an assessment-ready gap picture with a prioritized action plan for CMMC Level 2, without project data leaving the USA.

Case 4 · ISO 27001

PROBIS

Starting point

PROBIS runs a cloud-based cost-management platform for the real-estate sector; its users include banks in the context of property financing. Anyone processing financial and project data for that clientele cannot avoid a certified ISMS: customer and due-diligence requirements made ISO 27001 a precondition. Starting point: greenfield. No ISMS, only data-protection structures in place. Under 50 employees at two sites.

Brief to IX

ISO 27001 certification readiness from a standing start. IX owned the complete document stack, the Statement of Applicability, the risk analysis, the choice of certification body, and the audit support, and provides the external information security officer.

Course

The case shows the IX model in its purest form: PROBIS's role came down to three things, decide, provide information, implement. Everything else, from documentation to audit preparation, sat with IX. All findings were closed before the certification audit, and every deliverable was reviewed and signed off by PROBIS.

Result

ISO 27001 certificate issued in September 2025.

Case 5 · NIS2 · anonymized · delivery breadth

Machinery builder, southern Germany

Included as delivery breadth in EU regulation, not as a US offer. A southern German machinery builder, around 140 employees, was hit at the same time by two strategic customers with security questionnaires, supplier evidence requests, and NIS2 queries. IX ran a compact readiness and scope check and produced not an expert opinion but an implementation roadmap: a gap picture, priorities, responsibilities, and directly usable evidence for customer questionnaires and supplier reviews. Management released budget and responsibilities without building its own compliance team; the ISO 27001 certification audit is scheduled for November 2026.

Next step

Your case is next.

One email is enough. IX reads your starting point and proposes the sensible next step.

TISAX® is a registered trademark of the ENX Association. ISEGRIM X AG has no business relationship with the ENX Association.