Enhance multi-user Collaboration, and Ensure Compliance with  the ISO/SAE 21434.

Compliance with International Standards

Ensure adheres to ISO/SAE 21434, meeting stringent regulatory requirements effortlessly.

Comprehensive Security Level Assessments

Utilize methodologies like HEAVENs, STRIDE, and EVITA to perform thorough security assessments.

Powerful Review and Dashboard Functionality

The TARA module features a comprehensive review tool as well as a dashboard functionality.

Enhanced Asset Management

Optimize the identification and management of your system components within UML/SysML diagrams.

Improved Collaboration

Benefit from a web-based interface that promotes seamless collaboration among your team members.

Advanced Reporting and Documentation

Generate detailed analyses and compliance reports using the C-SOX Report Designer.

Customizable Solutions

Modify threat parameters and tailor risk matrices to fit your specific project needs.

User-Specific UI-Configuration

Easy UI- and Risk Graph configuration based on a flexible data model.

Modular Design

With its modular design and powerful, bidirectional cross-module capabilities, EnCo SOX is your gateway to more efficient, compliant, and secure project management.

Click an arrow in the image below to see how the module interacts within the SOX workbench

Requirements Report Designer Review Test BOM FTA FMEDA FMEA Attack Tree TARA HARA System Designer

In the Requirements module, you can create or edit requirements which can then be used in your TARA. All changes, results, connections or relations will then also be visible in all of your requirements thanks to the full tracesbility features of the SOX workbench.


  • Supports OMG standard ReqIF exchange format and import of MS Office
  • Deep integrations with IBM Doors, Codebeamer, Jama Connect, Jira, and Polarion

The SOX Requirement module offers a complete solution for elicitation, tracking and analyzing requirements. Import your product requirements specifications from Excel, Word, ReqIF or Rif and create the functional specification document in SOX. For this, you can reuse data former projects from the server-based catalog, compare different concepts and make status alignments via the SOX Traceability Matrix.

Learn More

Display your TARA data within dedicated Safety- and Security Reports.

Report Designer

The SOX Report Designer helps you create customized documentation for your projects with just a couple of clicks. Drag-and-drop data from existing projects and working files into your reports for seamless visualization and benefit from safety-and-security-focused live updates so your reporting is always in line with your most current data.

Learn More


  • Definition of rules and queries
  • Definition of the document status
  • Generation of Review documents


  • Definition of test cases
  • Export of test cases
  • Import and display of test results

Create test cases based on your requirements in SOX and pass them to their specific testing tools. Please approach us for specific data outputs. We will adjust the output in XML so you can pass SOX test cases along to your test tools and read back the status, so as to generate maximum assistance in the preparation of your project-related traceability.

Learn More


  • Linkage to the SOX modules FMEA, FTA, Markov, and RBD
  • Standard catalogs of failure rates: SN 29500, IEC 62380
  • Standard catalogs of failure modes: Birolini, IEC 62380

Import or create your Bills of Materials (BOMs) in the SOX Reliability module. FIT values are calculated in the SOX RE module in compliance with project-specific profiles and can be used for various analyzes.
SOX also enables the semiquantitative analysis from semiconductors down to their parts (DIE and Package) and sub-areas (Blocks), according to ISO26262 (part 11) and ISO PAS 19451.

Learn More


  • Supports the standards DIN 25424 and IEC 61025
  • Boundary value analysis and minimum intersection analysis

Calculate required probabilities in the SOX module FTA and track the progress of your analysis with the possibility to consign a status and to assign tasks. As an FTA software, the SOX module FTA provides the possibility, besides the option to display variants, to take over hardware and system effects of the FMEA or failure modes from the FMEDA and to link them simply by drag & drop. Sources and effects of risks are therefore systematically identified and eliminated with appropriate countermeasures (e.g. diagnoses).

Learn More


  • Supports Safety standards IEC 61508 and ISO 26262
  • Analysis on module, component and semiconductor level

The SOX FMEDA supports you in creating FMEDAs for industry-specific safety standards (e.g. ISO 26262, IEC 61508). Calculate your safety target specific metrics for each module and the overall system in the SOX module FMEDA and track the progress of your analysis with the possibility to consign a status and to assign tasks.

SOX also enables the quantitative analysis from semiconductors down to their parts (DIE and Package) and sub-areas (Blocks), according to ISO 26262
Learn More


  • Structure of FMEA according to VDA 6.3 & AIAG (7 steps method)
  • Tracing and display of safety requirements (e. g. SIL, ASIL, PL)
  • Connection to the SOX module Requirements (RIF / ReqIF) and System Design (SysML / UML)
  • XML MSR FMEA and Excel Import

The SOX FMEA supports in risk analysis according to VDA & AIAG. One of the many unique selling points is to analyze electronic components professionally. Besides the option to display variants the SOX module, FMEA provides the possibility to define error nets and measures, depending on the system status (development, operation, service). Sources and effects of risks are therefore systematically identified and eliminated with appropriate countermeasures.

Learn More

Propagate Security Level to the FMEA (ISO21434)

Attack Tree

  • Taking threats from the TARA via Drag & Drop
  • AND- & OR-Gates
  • Customizable variables representing the probabilities of an Asset Attack

The SOX Attack Tree module makes graphical representations of attack paths available, providing Attack Goals, Attack Objectives, Attack Methods, and Asset Attacks and connects them with the responding AND and OR gates. Beyond the usual entities, Undeveloped Events and Transfers, referencing repeated nodes in different attack paths can be created.

Learn More

Exchange security-specific information such as asset attack paths, attack steps, and security analyses


  • Allocates and rates threats which based on cyber attacks amongst other things
  • Evaluates risks in accordance to the norm ISO/SAE 21434 and the guidebook SAE J3061
  • TARA generation based on your previous UML/SysML or PreeVision system design

The SOX TARA allows the allocation, management and evaluation of assets, effects, threats, operating conditions and security attributes. The evaluation matrix facilitates the individual assembly of different security level reviews. Selected aspects can be filtered, sorted and viewed in a variety of configurations.


  • Support for ISO 26262, IEC 61508, ISO 25119, ISO 12100/14121 MRL, MIL-882, ISO 13849, ISO 62061 and ISO 61511
  • Server-based catalogs and document filing
  • Analysis of hazards and safety requirements (safety goals)

The SOX module Hazard and Risk Analysis (HARA) evaluates your security needs and allows you to assemble various safety reviews (SIL, ASIL, PL, etc.), allowing you to allocation, manage, and evaluate functions, malfunctions, effects, hazards, operating conditions, and safety objectives. The evaluation matrix facilitates the individual assembly of different ASIL reviews. Selected aspects can be filtered, sorted and viewed in a variety of configurations.
Use more SOX modules to hand over defined security requirements to the SOX System Design (SysML / UML), the security concept modeling (FSK / TSK), requirements management (RIF, ReqIF) or SOX Analysis

Learn More

Exchange Safety- and Security levels as well as project-based hazards.

System Designer

  • Supports OMG SysML / UML standards
  • Import and export options to existing solutions via XMI (e.g. Enterprise Architect)
  • Connection to the SOX module Requirements (RIF / ReqIF)

The SOX System Designer represents a comprehensive solution for modeling your specific system using the OMG SysML 1.4 and UML 2.0 standards. Define your system using a variety of chart types and link it based on specific requirements which can be passed into the SOX module Requirements.

Learn More

Transfer of the vehicle security architecture model for detailed analysis in the tara (e.g. assets/items) as well as feedback and propagation of the 21434 model in the security architecture model.

Join the innovative companies that have optimized their workflows with EnCo SOX.



Is it possible to add files such as images, office files, and PDFs to SOX projects?

Yes, you can, for example, drag and drop image files or all office formats from Windows to all folders (FMEA, FMEDA, etc.) within the project archive. A copy is created and saved in the SOX database. Furthermore, these files may subsequently be linked to SOX elements such as Functions and Malfunctions. The relevant element will have a decorator added to it, making it easy to detect which files are thus linked to other files. Right-click on the item to view and open all linked files.

Is it possible for multiple users to work on the same project at the same time?

Yes, EnCo SOX offers extensive multi-user capabilities and real-time updates.

What are the minimum hardware requirements of the SOX server?

The minimum requirements are:

  • Ubuntu Server (from version 14.04 LTS or similar distributions), Windows Server 2012 or better
  • Oracle JDK is already integrated (external Oracle JDK could be used)
  • CPU: 4 cores
  • RAM: 12 GB (16 GB recommended)
  • Can be run in a virtual environment
  • Requires open port (e.g., standard port 2036) for access
  • Disk space: about 700MB – 1200MB for the client application, 5 GB for the embedded database

Can I import projects from a different software?

Yes, EnCo SOX offers various possibilities to import working files fron your previous software solutions. Use our contact form to get in touch so we can discuss the best solution to fit your individual needs.

Do you provide the SOX server landscape?

At the moment, we do not offer a customer Server. You will need to install a SOX server on your own server enviroment. We will, however, provide you with a test server to evaluate our software.

Scroll to top EnCo Software GmbH