| PACCAR

> ENX and TISAX > Audit Area and Assessment level > FAQ's

TISAX ISA contains modular assessment objectives.

The required Labels (assessment objectives) depend on the supply condition:

Supply Condition	Required TISAX Label
For all companies where discontinued supply has a direct impact on PACCAR Business Continuity. This includes PACCAR's Original Equipment Manufacturing (OEM) Suppliers..	Very High Availability
For all companies that have direct access to PACCAR Network.	Very High Availability or Strictly Confidential
For all companies that hold/process PACCAR strictly confidential and proprietary information, such as product development partners.	Strictly Confidential
For all companies that manufacture, store or use customer-provided components or parts classified as requiring protection at their own locations.	Proto Parts
For all companies that manufacture, store or use customer-provided vehicles classified as requiring protection at their own locations.	Proto Vehicles
For all companies that conduct tests and test drives (e.g. test drives on public roads or test tracks) with customer-provided vehicles classified as requiring protection.	Test Vehicles
For all companies that conduct presentations or events (e.g. market research, events, marketing events) and film and photo shootings with customer-provided vehicles, components or parts classified as requiring protection.	Proto Events
If in doubt, contact cybersecurityNA@paccar.com.

Supplier has to achieve the minimum set of labels required, in accordance with the table above. Supplier can always decide to achieve more labels if deemed necessary.

Supplier must include all supplier sites in the audit scope that have an impact on the supplied product and/or service content.

PACCAR requires that suppliers enable audit information sharing in ENX to make progress visible to PACCAR listed as ‘participant ID PYT3F4’. Please follow the instructions in the ENX system to include your customer specific identification (supplier number) in the system. The audit result in ENX becomes available to PACCAR and PACCAR for monitoring. The level of sharing should be at least “A+Labels”. For more information, please consult the TISAX Handbook on the ENX website.

PACCAR requires a TISAX Label at assessment level 3 for the audit area(s) applicable to each supplier that provides reliable proof of compliance with the correct scope. Level 3 encompasses a cyber security audit conducted by an external auditor. Like any other audit, it is an in-depth assessment based on on-site interviews and evidence.

Please read the FAQ section, as part of your instruction. If after careful review of the FAQ, still some of your questions remain unanswered, please submit your question to: PACCAR Cybersecurity: cybersecurityNA@paccar.com.