TISAX Penetration Testing Providers

Trusted Information Security Assessment Exchange · Europe

TISAX is the information security assessment standard for the European automotive industry, based on ISO 27001 and the VDA Information Security Assessment (ISA) catalogue. Managed by the ENX Association, TISAX is required by major automotive manufacturers including Volkswagen, BMW, Mercedes-Benz, and their tier-1 suppliers.

TISAX assessments evaluate information security maturity across areas including access control, cryptography, operations security, and supplier relationships. Penetration testing is a key component of demonstrating security maturity at higher TISAX assessment levels, particularly for organisations handling prototypes, unreleased vehicle designs, and sensitive R&D data.

Organisations seeking TISAX certification at Level 3 (highest) must demonstrate robust security testing practices including regular penetration testing of systems handling sensitive automotive data. TISAX certification is valid for three years, and organisations must maintain their security posture throughout this period, including regular security testing and vulnerability management.

Particularly relevant for Manufacturing pen testing providers.

4 providers
Payment Security Leaders · PCI QSA · PCI PFI · German-Speaking Team

usd AG

Frankfurt-based European payment security specialist holding the full set of PCI credentials (QSA, PFI, ASV, P2PE). Manual-first penetration testing for fintechs, acquirers, and regulated enterprises.

Frankfurt, Germany · Contact for pricing
Web Application · Network · Cloud · +6
PCI QSA · PCI PFI · PCI ASV · +1

SEC Consult

Vienna-headquartered Austrian cybersecurity consultancy with a prolific Vulnerability Lab research program and deep expertise in IoT and embedded systems security across the DACH region.

Vienna, Austria · Contact for pricing
Web Application · Network · Mobile App · +7
ISO 27001
Verified Feb 2026
Top German Provider · BSI Experts · DACH Specialists · CRA-Ready

HiSolutions

Berlin-headquartered German cybersecurity consultancy with 30+ years of BSI IT-Grundschutz experience. Trusted by federal agencies, DAX corporations, and critical infrastructure operators.

Berlin, Germany · Contact for pricing
Web Application · Network · Cloud · +8
BSI Certified · ISO 27001 · ISO 9001
Automotive Specialist · Pwn2Own Automotive

PCA Cybersecurity

Vilnius-based automotive cybersecurity specialist focused on UN R155, ISO/SAE 21434, and vehicle research. Pwn2Own Automotive participant with a dedicated ECU and vehicle test lab.

Vilnius, Lithuania · Contact for pricing
IoT · Network · Source Code Review · +4
ISO 27001

TISAX FAQs

Is TISAX only for automotive companies?

TISAX is primarily required by automotive manufacturers and their supply chain, including IT service providers, engineering firms, and logistics companies that handle sensitive automotive data.

Does TISAX require penetration testing?

At higher assessment levels, TISAX requires evidence of regular security testing. Penetration testing demonstrates security maturity and is expected for Level 3 assessments covering highly sensitive data.

How does TISAX relate to ISO 27001?

TISAX is based on ISO 27001 with automotive-specific additions from the VDA ISA catalogue. Having ISO 27001 certification helps but does not automatically satisfy TISAX requirements.