Compliance with the new ISO 24089 standard in vehicle software update engineering is relevant for the automotive sector.

ISO 24089: The standard for vehicle software update engineering

TÜV SÜD supports you to understand ISO 24089 requirements to achieve compliance and to ensure vehicle safety and security for software updates

TÜV SÜD supports you to understand ISO 24089 requirements to achieve compliance and to ensure vehicle safety and security for software updates

TÜV SÜD’s expert assessment verifies your organisation’s ability to develop, maintain a reliably safe and secure automotive software update mechanism and associated processes. We support you to ensure that your components, or even the entire vehicle, can perform software updates safely and securely in compliance with ISO 24089 – also supporting you with the required evidence to facilitate type approval in the EU and other countries that adopted the UN R156.

Our experts have been involved in the working group to develop the ISO 24089 standard and have in-depth knowledge which helps us to educate your understanding on standard requirements to ensure compliance with ISO 24089 in a timely manner. In addition, we are recognised as technical service for certification and type approval according to the Software Update Regulation, UN R156.

What is the ISO 24089 standard for software update engineering?

The standard ISO 24089 was introduced at the beginning of 2023 and serves as the new standard for automotive software update engineering for road vehicles.

Due to increased vehicle functions and connectivity, regular vehicle software updates have become necessary to implement important fixes and add newA man in a car is checking the vehicle software updates according to compliance with new standard ISO 24089. capabilities. However, this technical improvement also increases the vulnerability of vehicles to cyberattacks and safety hazards. The new standard ISO 24089 now addresses those challenges on a global level.

  • The introduction of ISO 24089 will mandate the standardisation of safe and secure automotive software updates globally. It will provide a framework for the engineering of a software update mechanism that enables the deployment of updates safely and securely.
  • The new ISO 24089 standard outlines the key processes and functions that should be used throughout the automotive software update engineering and update deployment, including verification and validation, and risk management regarding safety and cybersecurity.
  • It will also introduce a globally uniform approach to software update management.

For whom is the ISO 24089 standard relevant and what exactly does it cover?

Organisations involved in road vehicle software update engineering should comply with ISO 24089 to prove they correspond to the state-of-the-art in software update engineering. This includes original equipment manufacturer (OEMs) and suppliers, as well as subsidiaries and contractual partners.

But what does the new standard ISO 24089 for road vehicles cover?

  • The standard covers requirements for vehicles and its Electronic Control Units (ECUs), new software update packages, the infrastructure, and the whole software update mechanism.
  • The requirements of ISO 24089 work on a global level, as they are harmonised with UN Regulation 156. Therefore, both mandate that security and safety is enforced across the whole automotive software update engineering process, including the software updates to be deployed.
  • Risk must be managed for the vehicle as well as the infrastructure that is involved in the software update process.

Why is compliance with ISO 24089 standards so important?

The requirements of ISO 24089 are harmonised with the UN Regulation 156, and both mandate that security and safety is enforced across the whole automotive software update mechanism.

Consequently, the ISO 24089 standard serves the following needs:

  • Supports the fulfilment of UN R 156 requirements (software update enabled vehicles cannot be sold without UN R156 type approval)
  • Ensures software updates are implemented safely and securely
  • Establishes trust in future mobility solutions with software update engineering activities

As your partner for future mobility solutions, TÜV SÜD can support you with an efficient and systematic assessment by an independent third-party to identify your level of conformity to the regulation.

TÜV SÜD is your ideal partner to support you in getting familiar with the new standard ISO 24089 and ensuring your compliance

TÜV SÜD’s expert assessment verifies your organisation’s ability to develop and maintain a safe and secure software update mechanism and associated processes. Additionally, you can ensure that a component, or even the entire vehicle, can perform software updates safely and securely – giving you the required evidence to support type approval in the EU and other countries that adopted the UN R156.

  • Our TÜV SÜD experts help you to understand the ISO 24089 software requirements and how they affect your products and systems.A man in a car is checking the vehicle software updates with a tablet.
  • Our expert assessment of automotive software updates and the management of software updates identifies if your organisation’s processes provide a suitable and sustainable framework for your software update activities.
  • We support you to identify compliance gaps in your processes and how they can be closed.
  • Furthermore, we can assist you in ensuring that your software update processes fulfil ISO 24089 requirements, so you can achieve certification used as evidence for compliance to the standard. The certificate can be provided by TÜV SÜD’s certification body.
  • Our assessment determines whether you fulfil the requirements of both UN Regulation 156 and ISO 24089.

What services does TÜV SÜD offer in context of ISO 24089 in automotive software update engineering?

TÜV SÜD offers a variety of services regarding the assessment of your automotive software update engineering processes and activities according to the standard ISO 24089.

These service areas include:

Workshops

  • Advisory workshops to familiarise yourself with the ISO 24089 requirements
  • Scoping workshops to find out if, to what extent, the ISO 24089 applies to your organisation
  • Individual software update workshops about the objectives, requirements and work products of the ISO 24089 standard with specific examples

Assessments

  • Gap analysis to identify potential gaps in your concept and/or implementation of the ISO 24089 requirements
  • Analyse the compliance state of your organisation and the relevant processes to ISO 24089
  • Assess a partial scope of the ISO 24089
  • Deliverable: technical report with detailed evaluations and findings

Certification

  • Certification of the implementation and maintenance of the ISO 24089 requirements
  • Deliverable: Certificate, can be used as evidence for compliance to the standard

FAQ

 

  • Who should comply with ISO 24089?

    Automotive industry players involved in automotive software engineering like OEMS, subsidiaries, suppliers, and contractual partners should comply to the ISO 24089 standard and its requirements.

  • In which countries is ISO 24089 compliance mandatory? 

    ISO 24089 is globally applicable. While the standard is not mandatory, it can be used as evidence for compliance to the current state-of-the-art for automotive software update engineering.

  • Is there any automotive software update engineering training available?

    Yes. We offer individual software update workshops. These cover the objectives, requirements, and work products of ISO 24089. The workshops include specific examples and information about the UN R156 software update regulation.

     

  • What is the difference between UNECE R156 and ISO 24089?

    UNECE R156 is mandatory for OEMs to gain type approval for their vehicle types. The ISO 24089 as an international standard but it is not mandatory with regard to any vehicle approval. It represents the current state-of-the-art for automotive software update engineering. Although UNECE R156 and ISO 24089 are harmonised, the regulation focusses on approval-related requirements whereas the standard does not.

  • How do we ensure the cybersecurity of over-the-air (OTA) updates?

    OTA updates have been an invaluable innovation to the vehicle market. However, while this technology allows manufacturers to improve vehicle performance, introduce new features, fix bugs, and address security vulnerabilities, it can also introduce an element of cybersecurity risk.

    If manufacturers want to ensure the safety, security, and functionality of vehicles, OTA security is vital. This involves the implementation of secure update mechanisms, the validation of update integrity, and ensuring systems are protected against malicious software. Regular assessments by TÜV SÜD that help to maintain secure update procedures are critical components.

EXPLORE

Case study AAI
CASE STUDY

Case Study: Automotive Artificial Intelligence (AAI) GmbH

AAI's ReplicaR is the world's first ADS simulation platform certified by TÜV SÜD's VIVALDI procedure as fit for purpose.

Learn More

Image Christa Budke
E-ssentials

An interview with Christa Budke about the new standard ISO 24089

Christa provides us insights about the new standard for vehicle software update engineering, ISO 24089.

Learn more

ISO 24089
Infographics

ISO 24089 - The new standard for road vehicles

Ensure vehicle safety and security for software updates

Learn More

ISO 24089
Infographics

The new standard for software update engineering

Prove that your road vehicle software updates comply with ISO 24089

Learn More

Automated vehicle approval
White paper

The Road to AV Approval: A Cybersecurity Perspective

A closer look at the approval for connected and automated vehicles, with a focus on cybersecurity

Learn More

Interior view of an car with illustrations in the front
White paper

Virtual homologation of an ALKS according to UNECE R157

Gain insights into UNECE R157 and scenario-based test approaches

Learn More

Cyber security threats of autonomous and connected vehicles
Stories

Cyber security threats of connected vehicles

Consequences and safety solutions

Learn More

VIEW ALL RESOURCES

Next Steps

Site Selector