An audit should also ensure the cybersecurity of cars at the supplier level. The first audit companies have already been approved. This article by Klaus-Dieter Flörecke was first published in German on 28 June, 2024, at www.automobilwoche.de
The countdown will soon be over. According to European Union regulations, proof of an existing cybersecurity management system (CSMS) must be provided for all newly commissioned vehicles by July. This applies to both old and new vehicle model series.
As a consequence, models such as the VW "Bulli" T6.1, Ford Fiesta, and Porsche Macan will no longer be sold in Europe because implementing UNECE R155 would not be economically viable.
The standard, which came into force at the beginning of 2022, requires vehicle manufacturers to implement a CSMS that ensures cyber security throughout the entire vehicle life cycle and also includes the supply chain.
Uniform basis for validation
With this in mind, the ENX Association, a consortium of European automotive manufacturers, suppliers, and associations, recently introduced the ENX Vehicle Cybersecurity Audit (ENX VCS) to certify cyber security at the supplier level. The globally standardized audit basis is intended to ensure comparable audit results.
"The industry has long been waiting for a standardized audit basis for the validation of cyber security management systems," says Christian Gerling, Managing Director of the certification body DQS.
Although the TISAX® information security management system has been ensuring a secure flow of information in the supply sector for several years, it is not dedicated to cyber security.
Important for the supply chain
Initial pre-audits and certifications in the run-up to the VCS launch show"that some vehicle manufacturers are already intensively addressing the issue. Their suppliers are aware that they also need this certification in order to remain in the supply chain," says DQS Manager Ingo Unger.
The companies must go through a pre-defined process to receive the certificate. Once they have registered for the audit, they receive a questionnaire. This includes an assessment of the expected scope of the project.
"Once this questionnaire has been submitted, the company and the audit provider meet in a kick-off to discuss the details of the audit and requirements," says Unger.
A handful of providers
The audit then checks the documentation submitted by the company on-site. The DQS manager expects the audits to be completed within five to ten days.
According to the ENX Association, a handful of providers like DQS can get started right away. The certification company has just certified the first major supplier to the German automotive industry for a VCS audit.
Unger:"And there are a number of requests for audits from companies that supply both German and international OEMs."
Loading...
Update: DQS certifies Hyundai Mobis according to ENX VCS
At a ceremonial event, Ingo Unger from DQS, together with the standard provider ENX, presented the ENX Vehicle Cyber Security (VCS) certificate to Abdul Khaliq, Vice President Software Innovation Strategy at Hyundai MOBIS.
Image released for use in print and online media | Image credit: © DQS GmbH
DQS Newsletter
Stay informed and subscribe to our newsletter!