TISAX Penetration Testing Providers

Trusted Information Security Assessment Exchange · Europe

TISAX is the information security assessment standard for the European automotive industry, based on ISO 27001 and the VDA Information Security Assessment (ISA) catalogue. Managed by the ENX Association, TISAX is required by major automotive manufacturers including Volkswagen, BMW, Mercedes-Benz, and their tier-1 suppliers.

TISAX assessments evaluate information security maturity across areas including access control, cryptography, operations security, and supplier relationships. Penetration testing is a key component of demonstrating security maturity at higher TISAX assessment levels, particularly for organisations handling prototypes, unreleased vehicle designs, and sensitive R&D data.

Organisations seeking TISAX certification at Level 3 (highest) must demonstrate robust security testing practices including regular penetration testing of systems handling sensitive automotive data. TISAX certification is valid for three years, and organisations must maintain their security posture throughout this period, including regular security testing and vulnerability management.

Required services:Network Web Application Configuration Review Vulnerability Assessment

1 provider

SEC Consult

Leading European cybersecurity consultancy from Vienna with a prolific vulnerability research program and deep expertise in IoT and embedded systems security.

Score

LOCVienna, Austria

Web ApplicationNetworkMobile App+7

ISO 27001

View Profile Visit Site

TISAX FAQs

Is TISAX only for automotive companies?+

TISAX is primarily required by automotive manufacturers and their supply chain, including IT service providers, engineering firms, and logistics companies that handle sensitive automotive data.

Does TISAX require penetration testing?+

At higher assessment levels, TISAX requires evidence of regular security testing. Penetration testing demonstrates security maturity and is expected for Level 3 assessments covering highly sensitive data.

How does TISAX relate to ISO 27001?+

TISAX is based on ISO 27001 with automotive-specific additions from the VDA ISA catalogue. Having ISO 27001 certification helps but does not automatically satisfy TISAX requirements.

Other Compliance Frameworks

ISO 27001 SOC 2 PCI DSS HIPAA GDPR NIS 2 DORA FedRAMP CMMC NIST CSF SOX CCPA Cyber Essentials