Automotive: Software Update Management System (SUMS) according to ISO 24089 & UNECE R156

This training program is designed for:

• Automotive engineers and developers
• Cybersecurity professionals
• IT security specialists
• Compliance and homologation experts
• Anyone involved in vehicle software updates and cybersecurity

Day 1 – Foundations & Regulations

• Transformation of mobility and cybersecurity challenges
• Global regulatory landscape (EU framework, UNECE R155/R156)
• Introduction to ISO 24089
• Software update package and campaign levels
• Practical exercise: designing a software update mechanism

Day 2 – Implementation & Frameworks

• Software updates at vehicle, infrastructure, project, and organizational levels
• Risk management, validation, and lifecycle processes
• Integration with related standards (ISO/SAE 21434, ISO 26262, ISO 27000)
• Introduction to the Uptane Framework for secure OTA updates
• Case studies, exercises, and examination

Modern vehicles rely on continuous updates for new features, bug fixes, and security patches. At the same time, regulators worldwide now require manufacturers to demonstrate secure, controlled, and traceable update processes.

This training helps organizations:

• Meet UNECE R156 homologation requirements
• Align with ISO 24089 software update engineering practices
• Strengthen vehicle cybersecurity resilience
• Reduce risks associated with OTA and software lifecycle management

• Gain latest insights into ISO 24089 and regulatory developments
• Understand global homologation requirements for software updates
• Learn best practices for implementing SUMS
• Benefit from industry experts with auditing and practical experience
• Apply knowledge directly through exercises and real-world scenarios

The program consists of a 2-day instructor-led training, which includes a proctored certification examination on the final day.

The training may be delivered either as a live virtual classroom or as an on-site, face-to-face session. In both formats, participants engage in a comprehensive learning experience that includes lectures, case studies, group exercises, discussions, problem-solving activities, practical examples, assignments, and quizzes.

When delivered virtually, the course is conducted live online using virtual classroom technology, allowing participants to attend from any internet-accessible location. The format enables real-time interaction with the instructor and peers, supporting questions, discussion, and collaborative learning. A webcam and microphone are required for participation and for the online proctored examination.

When delivered on site, the training takes place in a traditional classroom environment, emphasizing in-person instruction, hands-on activities, group interaction, and immediate feedback from the instructor.

Both delivery options provide the same high-quality content, interactive learning experience, and level of instructor support.

The course content and structure have been developed by TÜV SÜD domain experts. Drawing on extensive experience and in-depth knowledge of relevant standards, TÜV SÜD’s product specialists and technical experts have designed the program to align with current industry practices, business needs, and market requirements.

Requirements for Live Proctoring Examination:

• Students need to connect to the training session from an internet accessible location.
• Webcam and Microphone are REQUIRED.
• The examination venue must be a self-contained private room or office.
• When prompted by the online exam proctor, the complete work environment/room must be shown using the camera.
• There must be no other people in the room.
• No other materials are allowed in the vicinity of the PC/laptop other than permitted resources.
• No texts on the walls or desk.
• Quiet surroundings and no music, television or other sources of noise.
• No other computers or devices in the room are to be switched on.
• The room must be sufficiently lit (equivalent to daylight).
• Participants are not permitted to create or distribute transcripts of the examination contents (electronically and/or manually).

• Participant makes/receives a telephone call during the examination.
• Another person appears in the room.
• During the examination, the browser displaying the examination is left and answers are researched online despite this being prohibited by the examination regulations (closed book).
• Documents/notes are positioned on or around the laptop/monitor that enable the participant to cheat.

Successful participants who attend at least 90% of the total training duration will receive a Certificate of Attendance.

The program culminates with an online proctored examination. If you pass the exam, you will receive certificate "Automotive Cybersecurity: SUMS Expert" from the TÜV SÜD Academy.

It is highly recommended learners obtain a copy of the relevant ISO standard(s) to reference during the course. These standards can be purchased through the American National Standards Institute (ANSI) at www.ansi.org, the American Society for Quality (ASQ) at www.asq.org, or any other authorized distributor of international standards.

• No formal prerequisites
• Basic knowledge of automotive software or cybersecurity is recommended

TÜV SÜD additionally offers the opportunity to deliver this training as a dedicated in-house course, delivered solely to your organisation to meet your needs and requirements. To receive a quote and find out more information, please contact us at [email protected].