Launch a TARA-first CSMS pilot on one ECU or system in 6–8 weeks
ThreatZ delivers an ISO/SAE 21434 TARA on one ECU in 6–8 weeks — authored, audit-ready, fixed fee. Reusable workflow your team owns after week 8.
Audit-ready outputs your team owns after week 8.
Built for teams that need a real TARA artifact, not a methodology slide
Four common entry points into the pilot — each landing in the same reusable workflow.
Tier-1 supplier facing the first OEM cybersecurity audit
You owe an OEM a TARA, a risk register, and an evidence packet — with a real date and a real auditor. Use the pilot to ship a clean ISO/SAE 21434-aligned artifact instead of a frantic spreadsheet exchange. See the Tier-1 first-audit framing.
Tier-1 supplier with multiple OEM programs
You're done re-keying the same risks per customer template. Use the pilot to model one ECU's TARA cleanly, then clone the workflow into the next program. The Tier-1 supplier playbook shows the multi-OEM reuse pattern.
OEM team evaluating a CSMS platform
You want to validate ThreatZ against a real vehicle program (or a candidate platform) before procurement signs the multi-year contract. Use the pilot as a controlled, scoped trial. See the OEM CSMS playbook for the type-approval angle.
Engineering services firm delivering for a customer
You bid a TARA workstream for an OEM or Tier-1 customer. Use the pilot as your delivery framework — partner economics + technical certification covered under the Uraeus Partner Program.
Why spreadsheet TARA does not scale into a real CSMS
Most automotive cybersecurity teams start their TARA in Excel. Then the regulator, the auditor, and the next ECU show up.
Excel doesn't link risk to evidence
A spreadsheet TARA can list threats and risks, but auditors trace risks to controls, controls to tests, tests to evidence. That graph doesn't exist in Excel.
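As an added illustration (not ThreatZ code, not from the page) of what that trace looks like once it is a structured graph rather than a sheet: a constructed mini-TARA for a hypothetical body-control ECU, with an assumed example risk matrix, and a check that walks every risk through treatment and control to evidence the way an auditor would.

```python
# Constructed mini-TARA for a hypothetical body-control ECU: the graph
# asset -> threat -> risk -> treatment -> control -> evidence, with two audit checks.
from dataclasses import dataclass, field
# Assumed example risk matrix (rows: impact, columns: attack feasibility). ISO/SAE
# 21434 leaves the matrix to the organization; this one is made up for the example.
IMPACT = ["negligible", "moderate", "major", "severe"]
FEASIBILITY = ["very low", "low", "medium", "high"]
RISK_MATRIX = [[1, 1, 1, 1],   # negligible impact
               [1, 2, 2, 3],   # moderate impact
               [1, 2, 3, 4],   # major impact
               [2, 3, 4, 5]]   # severe impact

def risk_value(impact: str, feasibility: str) -> int:
    """Risk value 1..5 from the impact and attack-feasibility ratings (Clause 15)."""
    return RISK_MATRIX[IMPACT.index(impact)][FEASIBILITY.index(feasibility)]

@dataclass
class Risk:
    rid: str
    asset: str
    threat: str
    impact: str
    feasibility: str
    treatment: str = ""                     # reduce / retain / avoid / share
    controls: list = field(default_factory=list)

# Constructed sample data: control -> evidence items (test reports, reviews).
EVIDENCE = {"CTRL-01 CAN message authentication": ["TST-0412 HIL replay test"],
            "CTRL-02 diagnostic session authentication": []}   # no evidence yet
RISKS = [
    Risk("R-001", "CAN interface", "spoofed door-unlock frame", "severe",
         "medium", "reduce", ["CTRL-01 CAN message authentication"]),
    Risk("R-002", "UDS diagnostic service", "seed/key bypass", "major",
         "high", "reduce", ["CTRL-02 diagnostic session authentication"]),
    Risk("R-003", "status LED", "blink pattern disclosure", "negligible", "high"),
]

def trace_gaps(risks, evidence, threshold=3):
    """Map risk id -> finding for every risk that does not trace to evidence: each
    risk needs a treatment decision; risks at/above threshold need evidenced controls."""
    gaps = {}
    for r in risks:
        rv = risk_value(r.impact, r.feasibility)
        if not r.treatment:
            gaps[r.rid] = "no treatment decision"
        elif rv >= threshold and not r.controls:
            gaps[r.rid] = f"risk value {rv} but no control"
        elif rv >= threshold and any(not evidence.get(c) for c in r.controls):
            gaps[r.rid] = f"risk value {rv} but a control lacks evidence"
    return gaps
```

Running `trace_gaps(RISKS, EVIDENCE)` flags R-002 (a control with no evidence behind it) and R-003 (no treatment decision recorded), which is exactly the kind of dangling link a spreadsheet cannot surface on its own.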
Stand-alone TARA tools don't link to SBOM, incidents, or tests
Niche TARA tools handle threat modeling but stop there. When a CVE hits the SBOM or a V-SOC alert lands, the TARA file doesn't update — and your auditor notices.
No reusable workflow after the engagement
Consultant-led TARAs ship a PDF + an Excel pack. Next ECU starts from scratch. Six months later, the original threat model is stale and disconnected from the program.
First audit needs a real artifact, not a methodology slide
OEM auditors and type-approval reviewers want to see filled-in work products tied back to actual components — not a 60-page deck on how you would do TARA.
AI-assisted recommendations need a structured base
Modern threat-pattern AI works only when the underlying asset, threat, and risk model is structured. Spreadsheet TARAs can't feed an AI assistant; ThreatZ's model can.
Audit cycles compound the cost
Every milestone gate or regulator follow-up means re-formatting the same spreadsheet stack. By year two the cost of disconnected TARA is bigger than the platform that would have replaced it.
Every audit cycle makes disconnected TARA more expensive
The first spreadsheet may look efficient. The second audit, second ECU, and second OEM template expose the hidden cost. By year two, the cost of disconnected TARA can be larger than the platform that would have replaced it.
By audit cycle 2 or program 2, the cost of disconnected TARA exceeds the platform that would have replaced it. Pilot 1 is the inflection point.
Scope your TARA-first pilot in 30 minutes
Bring one ECU. Fixed scope, fixed cadence, audit-ready output.
ThreatZ turns one TARA engagement into a reusable CSMS workflow
A dedicated ThreatZ Foundation workspace and TARA module configured for your selected ECU. Your team models assets, damage scenarios, threats, attack paths, risks, treatments, controls, and evidence relationships in one structured environment — AI-assisted, engineer-approved. The result is a working TARA model that can be reused, expanded, and linked to SBOM, Operations, Testing, and Compliance modules.
Pilot core: Foundation + TARA included
Workspace, security catalog, asset model, threats, risks, treatments, evidence — one structured graph, not a static pack.
Expansion paths
SBOM, Operations, Testing, Compliance modules attach to the same model when the program needs them — never required mid-pilot.
Reuse on program 2
Templates, catalog patterns, and naming conventions captured during the pilot accelerate the next ECU — the second program runs on the work the first one paid for.
What's included in the 6–8 week pilot
Fixed scope, fixed duration, fixed deliverables. No retainer creep.
Foundation workspace
Project setup, users, security catalog — configured for your team and ready on day one.
Output: ThreatZ tenant + seeded security catalog
TARA module
Assets, threats, damage scenarios, attack paths, risks, treatments — the full ISO/SAE 21434 Clause 15 workflow.
Output: Working TARA model linked to one ECU
AI-assisted recommendations
Threat-pattern AI to accelerate model authoring — reviewed by your engineers, every recommendation tracked.
Output: Auditable AI-assist log, engineer-approved
Risk-relationship graph
Visual cross-link from asset to threat to risk to treatment to evidence — the auditor-ready view that Excel cannot produce.
Output: Interactive graph + exportable trace matrix
ISO/SAE 21434 report package
Exportable work products mapped to ISO/SAE 21434 clauses, ready for OEM and regulator review.
Output: PDF + structured exports per ISO/SAE 21434 clause
Reusable workflow + handover pack
Project templates, catalog patterns, and naming conventions captured for the next ECU. Documented expansion path into SBOM, Operations, or Compliance modules.
Output: Template pack + reuse playbook for ECU #2
The 6–8 week pilot, week by week
Fixed cadence. Visible progress every week. No surprise scope drift.
Week 1: Kickoff & scope freeze
Foundation setup, security catalog seeding, ECU scope frozen.
Week 2: Asset model & threat catalog
ECU asset map and seed threat library from the security catalog.
Weeks 3–4: TARA authoring
Risks, damage scenarios, attack paths — AI-assisted, engineer-reviewed.
Week 5: Risk treatment & controls
Treatment decisions, control linkage, residual-risk view.
Weeks 6–7: Reporting package
ISO/SAE 21434 work-product exports & audit-ready evidence pack.
Weeks 7–8: Handover & reuse plan
Template capture, expansion path, partner / customer handover.
By the end of the pilot, you have a working ThreatZ TARA on one ECU, a reusable model, an audit-ready report package, and a documented path to expand into SBOM, Operations, or Compliance modules whenever the program needs them.
One scoping call. Written pilot scope in the same week.
Bring the ECU, the audit deadline, and any current TARA artifacts. We confirm timeline, deliverables, and fixed-fee pricing in writing.
Extend the pilot if the program needs it
All add-ons are priced as fixed scope. Decided up front, not mid-engagement.
Each add-on is decided before kickoff and priced as fixed scope. Add-ons extend the pilot but never disturb the core 6–8 week TARA delivery.
SBOM module
Ingest your SPDX or CycloneDX SBOM, link components to ECU assets, and surface CVE impact through the same risk-relationship graph.
Operations & V-SOC integration
Pipe Vehicle Security Operations Center (V-SOC) incidents into the CSMS risk view so post-incident findings update the TARA context in real time.
Security-testing integration
Connect to Vector CANoe, HIL benches, or the ThreatZ Testbench Agent so test results close the risk-control-evidence loop automatically.
Custom OEM templates
Bespoke TARA templates, evidence formats, and report layouts configured for a specific OEM customer program.
Tool integrations
Connect to your existing Jira / Polarion / DOORS / Codebeamer / GitHub stack so the pilot doesn't replace your tooling — it links into it.
Additional ECU coverage
Add a second ECU into the pilot scope — usually with a 2–3 week extension once the reusable workflow from the first ECU is in place.
Scoped tight, so it ships
Every pilot earns its 6–8 weeks by saying no to six things up front. Procurement gets the answers without chasing us.
Not a methodology consultancy
You leave with a working TARA model in your tenant — not a 60-page slide deck on how to do TARA. The output is the artifact, not the advice.
Not a demo workspace
Foundation + TARA stand up as a real production environment. The pilot tenant becomes the production tenant if you continue — not a sandbox you have to migrate out of.
Not retainer-style consulting
Fixed scope, fixed duration, fixed fee. No mid-engagement upsell, no time-and-materials, no monthly retainer that drifts past Week 8.
Not a full-platform rollout
The pilot covers one ECU or system — not 40 ECUs across a vehicle program. Expansion happens after the pilot proves the workflow, on your terms.
Not AI-generated TARA
AI accelerates threat-pattern authoring; your engineers review and approve every recommendation. Every AI suggestion is logged and engineer-signed before it lands in the report.
Not multi-tenant for vehicle data
Private cloud or on-premise — air-gapped supported. Customer-owned data plane. Vehicle data never lands in a shared back end.
What teams achieved after putting ThreatZ on a real program
Outcomes below come from production ThreatZ engagements. The pilot replicates the same foundation the customer team builds on day one — same tenant, same workflow, same artifacts.
“The pilot ECU became our reference architecture. Three programs later, the catalog patterns and naming conventions we built in those eight weeks are still the spine of every TARA we ship.”
“Before ThreatZ, a single CVE disclosure could take two weeks to assess. After the pilot, impact analysis runs in under four hours — against the same TARA model we built in week 3.”
“ThreatZ eliminated the duplication and gave us confidence that both documentation sets were consistent and complete. We achieved European type approval months ahead of schedule.”
Practitioners quoted under NDA. Named references available after the scoping call. Outcomes vary by program scope, ECU complexity, and existing toolchain.
The answers procurement and security will want before signing
All four signals are documented. Forward this page internally and the conversation moves faster.
Security posture
SOC 2 Type II controls, ISO 27001-aligned ISMS, AES-256 at rest, TLS 1.3 in transit.
Data residency
GDPR-compliant. EU regional data residency available on request. China-resident deployment available for GB 44495 programs.
Deployment options
Private cloud or on-premise — air-gapped supported for sovereignty-sensitive programs. AWS Marketplace available as a procurement channel (EDP burndown eligible); deployment still lands in your tenant.
Transparent pricing
Fixed-fee per ECU pilot, not time-and-materials. Anchors to the published Team or Professional tier — no enterprise-only gatekeeping. Specific pilot fee disclosed on the scoping call.
The six questions buyers ask on the scoping call
Answered here so you can forward this page internally and shorten the procurement loop.
What's included in the ThreatZ TARA pilot?
The 6–8 week pilot includes a dedicated ThreatZ Foundation workspace, a TARA module configured for your selected ECU or system, AI-assisted recommendations reviewed by your engineers, a risk-relationship graph from asset to evidence, an ISO/SAE 21434 work-product report package, and a reusable workflow plus handover pack.
How long does the TARA pilot take?
6 to 8 weeks fixed cadence. Week 1: kickoff and scope freeze. Week 2: asset model and threat catalog. Weeks 3–4: TARA authoring. Week 5: risk treatment and controls. Weeks 6–7: ISO/SAE 21434 report package. Weeks 7–8: handover and reuse plan.
Can the pilot run on-premise or air-gapped?
Yes. Deployment options include private cloud or on-premise — air-gapped supported for sovereignty-sensitive programs. AWS Marketplace is available as a procurement channel; deployment still lands in your tenant.
What does the TARA pilot cost?
Fixed-fee per ECU pilot, anchored to published pricing tiers and scoped before kickoff. The specific number is disclosed on the 30-minute scoping call once we confirm scope, deadline, and add-ons.
Does the pilot include SBOM, Operations, or Testing?
The pilot core is ThreatZ Foundation + TARA. Optional add-ons include the SBOM module (CycloneDX / SPDX ingest), Operations and V-SOC integration, security-testing integration (Vector CANoe, HIL benches), custom OEM templates, tool integrations (Jira, Polarion, DOORS, Codebeamer, GitHub), and additional ECU coverage. Add-ons are decided up front and priced as fixed scope.
Is the pilot a real production engagement?
Yes. The pilot creates a working TARA model that can be reused, expanded, and linked to SBOM, Operations, Testing, and Compliance modules. It is not a methodology-only consultancy or a demo workspace — the pilot tenant becomes the production tenant if you continue.
Bring one ECU. We will ship a TARA your auditor can walk.
Scope one ECU or system, the audit deadline, and any current TARA artifacts. We confirm timeline, deliverables, and pricing on the 30-minute call — then send a written scope statement within the week. No NDA required for the scoping call.