Whitepaper | Secure vehicles through UNECE R155 and ISO/SAE 21434

UNECE Regulation No. 155 (UNECE R155) calls for vehicle manufacturers worldwide to set up and operate a cybersecurity management system. The requirements are specified in the accompanying ISO/SAE Standard 21434.

The Original Equipment Manufacturers (OEMs), i.e. the vehicle manufacturers, are primarily responsible for implementation. However, it is becoming apparent that requirements are increasingly being passed on to suppliers and that they have to prove compliance.

The implementation status of CSMS measures at suppliers varies greatly depending on the product portfolio, company size, region and division. To continuously be considered as a supplier of electronic components and systems in the future, there is a need for action. What do automotive suppliers have to do now to be allowed to sell their products in the future?

1. Analyze individual impact by UNECE R155 and record current cybersecurity processes
2. Define the target image for an optimized CSMS and formulate the desired proof of requirements
3. Implement CSMS processes to close gaps
4. Conduct internal assessment to determine CSMS readiness
5. Audit of the CSMS by an external certification body as evidence of effective CSMS processes and procedures