Get started with TÜV SÜD
Partner with us to ensure compliance with ISO 24089, the standard for software update engineering.
What is ISO 24089?
ISO 24089 is the standard for vehicle software updates and its global requirements are harmonised with UN Regulation 156. The standard mandates that security and safety is enforced across the entire automotive software update mechanism. It provides a framework to deploy updates safely and securely. The standard covers requirements for a vehicle and its electronic control units (ECUs), new software update packages, the infrastructure, and the entire software update mechanism.
The ISO 24089 standard outlines the key processes and functions that should be used throughout the automotive software update engineering and update deployment. This includes verification and validation, risk management for safety, and cybersecurity. Risk must be managed for the vehicle as well as the software update infrastructure.
As your partner for future mobility solutions, TÜV SÜD supports you with an efficient and systematic expert assessment to verify your organisation’s ability to develop and maintain a safe and secure software update mechanism and associated processes.
Why compliance with ISO 24089 is important
Increased vehicle functions and connectivity necessitates regular vehicle software updates to implement important fixes and add new capabilities. However, this technical improvement also increases the vulnerability of vehicles to cyberattacks and safety hazards.
Organisations involved in automotive software engineering should therefore comply with ISO 24089 to prove they fulfil the state-of-the-art in software update engineering. This includes original equipment manufacturer (OEMs) and suppliers, as well as subsidiaries and contractual partners.
Software update enabled vehicles cannot be sold without UNECE R156 type approval, and ISO 24089 supports the fulfilment of its requirements. The standard ensures software updates are implemented safely and securely and establishes trust in future mobility solutions with software update engineering activities.
How TÜV SÜD can help you with ISO 24089 compliance
TÜV SÜD’s expert assessment verifies your organisation’s ability to develop and maintain a safe and secure automotive software update mechanism, and associated processes.
We help you to ensure that your components, or an entire vehicle, perform software updates in compliance with ISO 24089. We also support you with the required evidence to facilitate type approval in the EU, and other countries that have adopted UNECE R156.
Our experts were involved in the ISO 24089 development working group. We are also recognised as a technical service for certification and type approval according to UNECE R156. Our expert knowledge helps you to achieve compliance by better understanding automotive software standards requirements and how they affect your products and systems.
Our expert assessment of automotive software updates and the management of software updates identifies if your organisation’s processes offer a suitable and sustainable framework for vehicle software update activities. We support you to identify compliance gaps in your processes and how they can be closed. Our assessment determines whether you fulfil the requirements of ISO 24089. TÜV SÜD’s certification body can provide the certificate once your software update processes comply with ISO 24089 requirements.
What our ISO 24089 services include
TÜV SÜD offers a variety of services to assess your automotive software engineering processes and activities according to the ISO 24089 standard:
Workshops
- Advisory workshops to familiarise yourself with requirements.
- Scoping workshops to discover to what extent ISO 24089 applies to your organisation.
- Individual workshops about the objectives, requirements, and work products of ISO 24089, using specific examples.
Assessments
- Gap analysis to identify potential gaps in your concept and/or implementation of requirements.
- Analysis of the compliance readiness of your organisation and relevant processes.
- Assess a partial scope of ISO 24089.
- Deliverable: technical report with detailed evaluations and findings.
Certification
- Certification of the implementation and maintenance of ISO 24089 requirements.
- Deliverable: Certificate that can be used as evidence for standard compliance.
Frequently asked questions (FAQs)
Who should you comply with ISO 24089?
Automotive industry players involved in automotive software engineering like OEMS, subsidiaries, suppliers, and contractual partners should comply to the ISO 24089 standard and its requirements.
In which countries is ISO 24089 compliance mandatory?
ISO 24089 is globally applicable. While the standard is not mandatory, it can be used as evidence for compliance to the current state-of-the-art for automotive software update engineering.
Is there any automotive software update engineering training available?
Yes. We offer individual software update workshops. These cover the objectives, requirements, and work products of ISO 24089. The workshops include specific examples and information about the UNECE R156 software update regulation.
What is the difference between UNECE R156 and ISO 24089?
UNECE R156 is mandatory for OEMs to gain type approval for their vehicle types. The ISO 24089 as an international standard but it is not mandatory with regard to any vehicle approval. It represents the current state-of-the-art for automotive software update engineering. Although UNECE R156 and ISO 24089 are harmonised, the regulation focusses on approval-related requirements whereas the standard does not.
How do we ensure the cybersecurity of over-the-air (OTA) updates?
OTA updates have been an invaluable innovation to the vehicle market. However, while this technology allows manufacturers to improve vehicle performance, introduce new features, fix bugs, and address security vulnerabilities, it can also introduce an element of cybersecurity risk.
If manufacturers want to ensure the safety, security, and functionality of vehicles, OTA security is vital. This involves the implementation of secure update mechanisms, the validation of update integrity, and ensuring systems are protected against malicious software. Regular assessments by TÜV SÜD that help to maintain secure update procedures are critical components.
If manufacturers want to ensure the safety, security, and functionality of vehicles, OTA security is vital. This involves the implementation of secure update mechanisms, the validation of update integrity, and ensuring systems are protected against malicious software. Regular assessments by TÜV SÜD that help to maintain secure update procedures are critical components.
