Request a quote
Your local point of contact
We will be happy to provide you with a customized offer for your ENX VCS audit.
Mutual recognition between all VCS participants
Suppliers and service providers gain more confidence in your audited company
VCS certification audit only every three years
Membership in the VCS network saves time and money
Under UN R 155, manufacturers of road vehicles are required to take responsibility for the cyber security of their vehicles. In this context, cyber security refers to the security and reliability of all IT-based components of a vehicle. Unlike purely electronic or physically controlled components, VCS components are software-driven. This allows a vehicle to dynamically adapt its driving behavior to the driver and the environment, to park itself, or to initiate emergency braking. By-wire solutions, which have long been used in aviation, enable new design solutions for passenger compartments, easier maneuvering in city centers thanks to higher steering angles at low speeds (steer-by-wire), or fully automatic parking brakes (brake-by-wire).
Similar to TISAX®, VCS has an exchange mechanism for the results of ENX VCS audits. VCS is an audit mechanism of the ENX Association. An association of European automotive manufacturers, automotive suppliers and automotive associations that monitors the quality of VCS audits and controls the approval of VCS audit service providers.
After a successful audit, you will receive your VCS labels on the VCS online platform. These labels are comparable to certificates and serve to confirm your capabilities as a VCS supplier.
1. Register online at www.enx.com/VCS
2. Select an ENX-approved audit service provider such as DQS
3. Undergo an ENX VCS audit
4. Exchange the audit results on the VCS online platform
If a company is interested in your VCS results, it can register with ENX as an "Information Consumer". You can decide for each Information Consumer whether you want to share your current VCS status with them.
Before you start with the VCS audit, your company must define a clear scope. This includes determining which VCS activities your company is responsible for. If these are VCS development activities, you must fulfill the requirements of "VCS Development". If your company is responsible for the secure production and basic configuration of VCS components, you must fulfill the requirements of "VCS Production". If your company is responsible for the long-term operation and maintenance of VCS components, you must fulfill the requirements of "VCS Operations & Maintenance".
The central Cyber Security Management System will be audited at the site that primarily controls the CSMS. The effectiveness of the central CSMS is audited at the sites where the VCS activities of the CSMS are performed. Therefore, all locations where these distributed VCS activities take place are included in the scope of the audit. However, during the course of the audit, a sample of VCS projects is taken to determine which sites are actually included in the audit. In principle, all sites in question must have a valid TISAX® label at the time of the audit.
The findings of the ENX VCS audit are recorded in an interim report. In case of non-conformities, measures to be implemented are agreed upon. If necessary, the implementation of the measures is determined within an agreed period. This procedure ensures that all nonconformities identified are addressed effectively and promptly.
Once the non-conformities have been closed, an effectiveness review is performed to validate the closure of the nonconformities and to assess the overall effectiveness of the corrective actions taken.
The final result will be published online in the ENX® portal. Your company will then be listed as a participant in the VCS process with the corresponding labels.