TÜV SÜD’s expert assessment verifies your organisation’s ability to develop, maintain a reliably safe and secure automotive software update mechanism and associated processes. We support you to ensure that your components, or even the entire vehicle, can perform software updates safely and securely in compliance with ISO 24089 – also supporting you with the required evidence to facilitate type approval in the EU and other countries that adopted the UN R156.
Our experts have been involved in the working group to develop the ISO 24089 standard and have in-depth knowledge which helps us to educate your understanding on standard requirements to ensure compliance with ISO 24089 in a timely manner. In addition, we are recognised as technical service for certification and type approval according to the Software Update Regulation, UN R156.
What is the ISO 24089 standard for software update engineering?
The standard ISO 24089 was introduced at the beginning of 2023 and serves as the new standard for automotive software update engineering for road vehicles.
Due to increased vehicle functions and connectivity, regular vehicle software updates have become necessary to implement important fixes and add new capabilities. However, this technical improvement also increases the vulnerability of vehicles to cyberattacks and safety hazards. The new standard ISO 24089 now addresses those challenges on a global level.
- The introduction of ISO 24089 will mandate the standardisation of safe and secure automotive software updates globally. It will provide a framework for the engineering of a software update mechanism that enables the deployment of updates safely and securely.
- The new ISO 24089 standard outlines the key processes and functions that should be used throughout the automotive software update engineering and update deployment, including verification and validation, and risk management regarding safety and cybersecurity.
- It will also introduce a globally uniform approach to software update management.
For whom is the ISO 24089 standard relevant and what exactly does it cover?
Organisations involved in road vehicle software update engineering should comply with ISO 24089 to prove they correspond to the state-of-the-art in software update engineering. This includes original equipment manufacturer (OEMs) and suppliers, as well as subsidiaries and contractual partners.
But what does the new standard ISO 24089 for road vehicles cover?
- The standard covers requirements for vehicles and its Electronic Control Units (ECUs), new software update packages, the infrastructure, and the whole software update mechanism.
- The requirements of ISO 24089 work on a global level, as they are harmonised with UN Regulation 156. Therefore, both mandate that security and safety is enforced across the whole automotive software update engineering process, including the software updates to be deployed.
- Risk must be managed for the vehicle as well as the infrastructure that is involved in the software update process.
Why is compliance with ISO 24089 standards so important?
The requirements of ISO 24089 are harmonised with the UN Regulation 156, and both mandate that security and safety is enforced across the whole automotive software update mechanism.
Consequently, the ISO 24089 standard serves the following needs:
- Supports the fulfilment of UN R 156 requirements (software update enabled vehicles cannot be sold without UN R156 type approval)
- Ensures software updates are implemented safely and securely
- Establishes trust in future mobility solutions with software update engineering activities
As your partner for future mobility solutions, TÜV SÜD can support you with an efficient and systematic assessment by an independent third-party to identify your level of conformity to the regulation.
TÜV SÜD is your ideal partner to support you in getting familiar with the new standard ISO 24089 and ensuring your compliance
TÜV SÜD’s expert assessment verifies your organisation’s ability to develop and maintain a safe and secure software update mechanism and associated processes. Additionally, you can ensure that a component, or even the entire vehicle, can perform software updates safely and securely – giving you the required evidence to support type approval in the EU and other countries that adopted the UN R156.
- Our TÜV SÜD experts help you to understand the ISO 24089 software requirements and how they affect your products and systems.
- Our expert assessment of automotive software updates and the management of software updates identifies if your organisation’s processes provide a suitable and sustainable framework for your software update activities.
- We support you to identify compliance gaps in your processes and how they can be closed.
- Furthermore, we can assist you in ensuring that your software update processes fulfil ISO 24089 requirements, so you can achieve certification used as evidence for compliance to the standard. The certificate can be provided by TÜV SÜD’s certification body.
- Our assessment determines whether you fulfil the requirements of both UN Regulation 156 and ISO 24089.
What services does TÜV SÜD offer in context of ISO 24089 in automotive software update engineering?
TÜV SÜD offers a variety of services regarding the assessment of your automotive software update engineering processes and activities according to the standard ISO 24089.
These service areas include:
Workshops
- Advisory workshops to familiarise yourself with the ISO 24089 requirements
- Scoping workshops to find out if, to what extent, the ISO 24089 applies to your organisation
- Individual software update workshops about the objectives, requirements and work products of the ISO 24089 standard with specific examples
Assessments
- Gap analysis to identify potential gaps in your concept and/or implementation of the ISO 24089 requirements
- Analyse the compliance state of your organisation and the relevant processes to ISO 24089
- Assess a partial scope of the ISO 24089
- Deliverable: technical report with detailed evaluations and findings
Certification
- Certification of the implementation and maintenance of the ISO 24089 requirements
- Deliverable: Certificate, can be used as evidence for compliance to the standard
FAQ