Automotive Cybersecurity Management System Assessment

Automotive Cybersecurity Management System Assessment

Ensure regulatory and standards compliance

Ensure regulatory and standards compliance

What is an Automotive Cybersecurity Management System Assessment?

An Automotive Cybersecurity Management System (CSMS) assessment is an audit of a vehicle manufacturer or OEM's cybersecurity framework. The expert assessment identifies if the organisation’s processes provide a suitable cybersecurity framework across the product lifecycle and that the CSMS requirements of both the UNECE Cybersecurity Vehicle Regulation and ISO/SAE 21434 are fulfilled.

As today's connected automated and autonomous vehicles become more and more complex, the danger of potential cyberattacks increases. To protect vehicles and components, manufacturers must therefore focus beyond the product and create an organisational cybersecurity environment that enables the development of safe and secure products.

The introduction of the UNECE Cybersecurity Regulation will make cybersecurity mandatory for all new vehicles, systems, components and separate technical units. The regulation covers both the cybersecurity of products and the organisational environment. Both the UNECE regulation and ISO/SAE 21434 require cybersecurity to be enforced across the entire automotive supply chain. The assessment ensures that the regulation cybersecurity requirements are met.

What requirements does the new UNECE Cybersecurity Regulation put on automotive manufacturers?

The UNECE Cybersecurity Regulation requires automotive manufacturers to maintain a certified Cybersecurity Management System (CSMS), which must be assessed and renewed at least every three years.

The CSMS will ensure that the organisation has the appropriate security measures across the development, production and post-production processes, to produce safe and secure products.

Why is a Cybersecurity Management System Assessment important?

An automotive cybersecurity management system assessment assures that robust cybersecurity processes exist across the entire company’s organisation of automotive manufacturers.

Without providing evidence for a CSMS, automotive manufacturers and suppliers cannot gain type approval and will be unable to sell vehicles, components or software in the EU after June 2022. Consequently, Tier 1 and Tier 2 manufacturers, and hardware and software suppliers must give evidence about their capabilities, including their organisational and engineering cybersecurity processes.

A CSMS assessment ensures your business:

  • Reduces risk by ensuring your processes and products fulfil all cybersecurity requirements according to both the UNECE Cybersecurity Regulation and ISO/SAE 21434
  • Is prepared for the CSMS certification, receive type approval and ensure that your vehicles can be sold in the EU also after June 2022
  • Minimises time to market by improving the efficiency of your product development cybersecurity processes
  • Increases the trust of your customers by demonstrating your dedication to accurately assessing cybersecurity in line with the existing regulations

TÜV SÜD supports you to achieve CSMS Certification

TÜV SÜD’s assessment of automotive cybersecurity management systems identifies whether your organisation provides a sufficient cybersecurity framework across the whole product lifecycle. We verify that your CSMS meets the requirements of the UNECE Cybersecurity Regulation and ISO/SAE 21434.

TÜV SÜD is an independent third-party service provider with over a century of automotive experience. Our experts are actively involved in the development of the latest cybersecurity standards (including ISO/SAE 21434, ISO PAS 5112 and ISO 24089). This means you have access to the most up-to-date knowledge of current and future requirements.

We also participate in relevant UNECE committees to develop regulations on cybersecurity and software updates for vehicles (such as UNECE WP.29 GRVA). We have also been involved in the development of the first technical guideline in Singapore (TR68-3) for the secure and safe deployment of fully autonomous vehicles.

With our systematic and holistic CSMS assessment reports, we enable you to design and verify secure automotive components and systems for connected and automated vehicles.

TÜV SÜD’s Automotive Cybersecurity Management System Assessment Service

Our CSMS assessments provide a comprehensive audit of your cybersecurity framework against ISO/SAE 21434 and the UNECE cybersecurity regulation.

Cybersecurity framework

TÜV SÜD's experts analyse your organisation’s cybersecurity governance, management and cyberattack prevention methods. This means your CSMS can then be certified as compliant (TÜV SÜD’s Technical Service can also offer certification). Our detailed technical report includes a performance analysis of your processes and recommends how to close existing gaps.

Our assessments are completely flexible and can be adapted to fit your organisation’s needs - either by assessing the entire organisation or covering specific departments. They can also be applied in the early implementation stages and allow for efficient re-assessment. This means that changes in your organisation or processes can be reflected quickly.

If you wish to sell into key global automotive markets, demonstrating that you conform to the new UNECE regulation is essential. Contact TÜV SÜD for an assessment of your cybersecurity framework against the UNECE cybersecurity regulation and ISO/SAE 21434 today.


Automotive Cybersecurity Management System Assessment

Automotive Cybersecurity Management System Assessment

Ensure regulatory and standards compliance

Learn More

Automated driving requires international regulations
White paper

Automated driving requires international regulations

A look at the current state of developments

Learn More

Cyber security threats of autonomous and connected vehicles

Cyber Security Threats of Connected Vehicles

Consequences and safety solutions

Learn more

Homologation of Automated Vehicles: The Regulatory Challenge
White paper

Homologation of Automated Vehicles: The Regulatory Challenge

A six-point approach for developing a regulatory framework.

Learn more

Automotive wireless connectivity

Keeping it connected: Wireless technology for automotive

Ensure road safety with increasing connectivity

Learn more

Predicting the unpredictable: Are driverless cars ready for real-world complexity?

Predicting the unpredictable

Are driverless cars ready for real-world complexity?

Learn more

Mobility of the Future

The Future of Mobility

Electrification - Connectivity - Autonomy

Learn more


Next Steps

Site Selector