Automotive Cybersecurity Management System Assessment

What is an Automotive Cybersecurity Management System Assessment?

An Automotive Cybersecurity Management System (CSMS) assessment is an audit of a vehicle manufacturer or OEM's cybersecurity framework. The expert assessment identifies if the organisation’s processes provide a suitable cybersecurity framework across the product lifecycle and that the CSMS requirements of both the UNECE Cybersecurity Vehicle Regulation and ISO/SAE 21434 are fulfilled.

As today's connected automated and autonomous vehicles become more and more complex, the danger of potential cyberattacks increases. To protect vehicles and components, manufacturers must therefore focus beyond the product and create an organisational cybersecurity environment that enables the development of safe and secure products.

The introduction of the UNECE Cybersecurity Regulation will make cybersecurity mandatory for all new vehicles, systems, components and separate technical units. The regulation covers both the cybersecurity of products and the organisational environment. Both the UNECE regulation and ISO/SAE 21434 require cybersecurity to be enforced across the entire automotive supply chain. The assessment ensures that the regulation cybersecurity requirements are met.

What requirements does the new UNECE Cybersecurity Regulation put on automotive manufacturers?

The UNECE Cybersecurity Regulation requires automotive manufacturers to maintain a certified Cybersecurity Management System (CSMS), which must be assessed and renewed at least every three years.

The CSMS will ensure that the organisation has the appropriate security measures across the development, production and post-production processes, to produce safe and secure products.

Why is a Cybersecurity Management System Assessment important?

An automotive cybersecurity management system assessment assures that robust cybersecurity processes exist across the entire company’s organisation of automotive manufacturers.

Without providing evidence for a CSMS, automotive manufacturers and suppliers cannot gain type approval and will be unable to sell vehicles, components or software in the EU after June 2022. Consequently, Tier 1 and Tier 2 manufacturers, and hardware and software suppliers must give evidence about their capabilities, including their organisational and engineering cybersecurity processes.

A CSMS assessment ensures your business:

• Reduces risk by ensuring your processes and products fulfil all cybersecurity requirements according to both the UNECE Cybersecurity Regulation and ISO/SAE 21434
• Is prepared for the CSMS certification, receive type approval and ensure that your vehicles can be sold in the EU also after June 2022
• Minimises time to market by improving the efficiency of your product development cybersecurity processes
• Increases the trust of your customers by demonstrating your dedication to accurately assessing cybersecurity in line with the existing regulations

TÜV SÜD supports you to achieve CSMS Certification

TÜV SÜD’s assessment of automotive cybersecurity management systems identifies whether your organisation provides a sufficient cybersecurity framework across the whole product lifecycle. We verify that your CSMS meets the requirements of the UNECE Cybersecurity Regulation and ISO/SAE 21434.

TÜV SÜD is an independent third-party service provider with over a century of automotive experience. Our experts are actively involved in the development of the latest cybersecurity standards (including ISO/SAE 21434, ISO PAS 5112 and ISO 24089). This means you have access to the most up-to-date knowledge of current and future requirements.

We also participate in relevant UNECE committees to develop regulations on cybersecurity and software updates for vehicles (such as UNECE WP.29 GRVA). We have also been involved in the development of the first technical guideline in Singapore (TR68-3) for the secure and safe deployment of fully autonomous vehicles.

With our systematic and holistic CSMS assessment reports, we enable you to design and verify secure automotive components and systems for connected and automated vehicles.

TÜV SÜD’s Automotive Cybersecurity Management System Assessment Service

Our CSMS assessments provide a comprehensive audit of your cybersecurity framework against ISO/SAE 21434 and the UNECE cybersecurity regulation.

TÜV SÜD's experts analyse your organisation’s cybersecurity governance, management and cyberattack prevention methods. This means your CSMS can then be certified as compliant (TÜV SÜD’s Technical Service can also offer certification). Our detailed technical report includes a performance analysis of your processes and recommends how to close existing gaps.

Our assessments are completely flexible and can be adapted to fit your organisation’s needs - either by assessing the entire organisation or covering specific departments. They can also be applied in the early implementation stages and allow for efficient re-assessment. This means that changes in your organisation or processes can be reflected quickly.

If you wish to sell into key global automotive markets, demonstrating that you conform to the new UNECE regulation is essential. Contact TÜV SÜD for an assessment of your cybersecurity framework against the UNECE cybersecurity regulation and ISO/SAE 21434 today.