Automotive Cybersecurity Management System Assessment

Comply with UN Regulation No. 155

Overview of a Cybersecurity Assessment

An automotive cybersecurity management system (CSMS) assessment is an audit of a vehicle manufacturer or OEM's cybersecurity framework. The expert assessment determines whether the organization’s processes provide a suitable cybersecurity framework across the product lifecycle and whether the CSMS requirements of both the UNECE Cybersecurity Vehicle Regulation and ISO/SAE 21434 are fulfilled.

As today's connected, automated and autonomous vehicles become more and more complex, the danger of potential cyberattacks increases. To protect vehicles and components, manufacturers must therefore focus beyond the product and create an organizational cybersecurity environment that enables the development of safe and secure products.

The introduction of the UNECE Cybersecurity Regulation will make cybersecurity mandatory for all new vehicles, systems, components and separate technical units. The regulation covers both the cybersecurity of products and the organizational environment. Both the UNECE regulation and ISO/SAE 21434 require cybersecurity to be enforced across the entire automotive supply chain. The assessment ensures that the regulation's cybersecurity requirements are met.

Requirements for automotive manufacturers

The UNECE Cybersecurity Regulation requires automotive manufacturers to maintain a certified Cybersecurity Management System (CSMS), which must be assessed and renewed at least every three years. The CSMS will ensure that the organization has the appropriate security measures across the development, production and post-production processes to produce safe and secure products.

An automotive cybersecurity management system assessment assures that robust cybersecurity processes exist across the entire organization of an automotive manufacturer. Without providing evidence for a CSMS, automotive manufacturers and suppliers cannot gain type approval and will be unable to sell vehicles, components or software in the EU after June 2022. Consequently, Tier 1 and Tier 2 manufacturers, and hardware and software suppliers, must provide evidence of their capabilities, including their organizational and engineering cybersecurity processes.

A CSMS assessment ensures your business:

  • Reduces risk by ensuring your processes and products fulfill all cybersecurity requirements according to both the UNECE Cybersecurity Regulation and ISO/SAE 21434
  • Is prepared for CSMS certification, receives type approval and ensures that your vehicles can still be sold in the EU after June 2022
  • Minimizes time to market by improving the efficiency of your product development cybersecurity processes
  • Increases the trust of your customers by demonstrating your dedication to accurately assessing cybersecurity in line with the existing regulations

We support you to achieve CSMS Certification

TÜV SÜD’s assessment of automotive cybersecurity management systems identifies whether your organization provides a sufficient cybersecurity framework across the whole product lifecycle. We verify that your CSMS meets the requirements of the UNECE Cybersecurity Regulation and ISO/SAE 21434. Our experts are actively involved in the development of the latest cybersecurity standards (including ISO/SAE 21434, ISO PAS 5112 and ISO 24089). This means you have access to the most up-to-date knowledge of current and future requirements.

We also participate in relevant UNECE committees to develop regulations on cybersecurity and software updates for vehicles (such as UNECE WP.29 GRVA). We have also been involved in the development of the first technical guideline in Singapore (TR68-3) for the secure and safe deployment of fully autonomous vehicles. With our systematic and holistic CSMS assessment reports, we enable you to design and verify secure automotive components and systems for connected and automated vehicles.

Our Automotive Cybersecurity Management System Assessment Service

Our CSMS assessments provide a comprehensive audit of your cybersecurity framework against ISO/SAE 21434 and the UNECE cybersecurity regulation.

Cybersecurity framework

TÜV SÜD's experts analyze your organization’s cybersecurity governance, management and cyberattack prevention methods. This means your CSMS can then be certified as compliant (TÜV SÜD’s Technical Service can also offer certification). Our detailed technical report includes a performance analysis of your processes and recommends how to close existing gaps. Our assessments are completely flexible and can be adapted to fit your organization’s needs - either by assessing the entire organization or covering specific departments. They can also be applied in the early implementation stages and allow for efficient re-assessment. This means that changes in your organization or processes can be reflected quickly.

If you wish to sell into key global automotive markets, demonstrating that you conform to the new UNECE regulation is essential.

