DQS, one of the leading international certification bodies, is now supporting organizations in the automotive industry worldwide with audits according to ENX VCS, the audit program for automotive cyber security. 

With a successful audit and the award of the "Vehicle Cyber Security" label, OEMs and their suppliers document that their Cyber Security Management Systems (CSMS) meet the requirements of UNECE Regulation R 155 and that their cyber security meets the highest requirements for the protection of vehicles and their occupants. The VCS audit program was developed by the ENX Association, an association of automotive manufacturers, suppliers and international automotive associations.

The ENX VCS Solution at its core

With ENX VCS it is now possible to audit and certify a Vehicle Cyber Security Management System (V-CSMS) that complies with ISO/SAE 21434 and at the same time fully implements the recommendations of ISO/PAS 5112. ENX VCS thus provides a globally uniform audit basis for all participants with the indispensable comparability of audit results.

"As a globally active audit provider and ENX partner from the very beginning, we welcome the new ENX VCS audit program," explains Christian Gerling, Managing Director of DQS GmbH. "The industry has been waiting for a long time for a uniform audit basis for the validation of cyber security management systems. A program developed centrally by ENX, based on the TISAX® principles for information security in the automotive industry, and consistent across the industry is undoubtedly the best approach. Many of our customers are already in the starting blocks for the VCS audit - and we look forward to supporting these organizations in demonstrating their effective cyber security management.

Cyber security regulations on the rise

Governments around the world are setting increasingly stringent cyber security guidelines for the automotive industry in response to the growing number of cyber-attacks, the rapidly expanding areas of attack, and the growing potential damage of these attacks. In the EU, Japan and Korea, the UNECE R155 standard, which came into force at the beginning of 2022, plays a key role in this regard: It requires car manufacturers to implement up-to-date Cyber Security Management Systems (CSMS) that ensure the cyber security of vehicles throughout their entire lifecycle - including the entire supply chain.

Finally, a consistent baseline for audits

As important as government cyber security initiatives are, according to most industry experts, many companies have long struggled to prove compliance with UNECE R155 and other requirements because of a lack of uniform audit programs and the fact that each audit service provider audited according to their own processes. ENX is now addressing this challenge with the release of the new VCS audit program. As part of this process, OEMs and suppliers with a TISAX® label can now have their CSMS audited by approved audit providers such as DQS and receive proof of successful auditing from ENX in the form of a VCS label.

Binding procedures for auditors

In order to ensure comparable processes for all audit providers worldwide, ENX also published specific "Audit Provider Criteria & Assessment Requirements" (ACAR VCS) and a binding audit catalog for Vehicle Cyber Security Audits (VCSA) at the start of the program. The VCS defines a series of mandatory milestones for auditors, including an organizational review of CSMS regulations, a document and process review, and the creation of a risk-oriented sample of all cyber security-related projects. The auditors must then interview the team and review the work results to ensure that the CSMS is actually being applied. After successful completion of the audit, organizations can apply for a corresponding VCS label from ENX.

The label reflects the role of the supplier

Similar to TISAX®, the VCS audit takes into account the different roles that suppliers can play in the provision of cyber security-related components. In this way, each supplier only has to meet the requirements of the VCSA audit catalog that correspond to their actual role. A distinction is made between the labels:

  • VCS Development
  • VCS Production
  • VCS Operation & Maintenance

Industry-wide transparency in cyber security

"The VCS audit is a unique opportunity for automotive manufacturers and their suppliers," confirms Christian Gerling, Managing Director of DQS. "ENX has now solved the challenge of a standardized approach for the benefit of all and, with VCS, is creating the conditions for industry-wide transparency."

DQS is a competent partner

As one of the most experienced national and international service providers for the certification of management systems, DQS has been working with ENX for many years and was also directly involved in the development of the new audit program. During the relatively long initiation period up to the publication of the program, DQS has gained valuable experience in a large number of beta audits and is therefore ideally prepared to audit the CSMS of customers worldwide on the basis of the VCS requirements. The topic of VCS is embedded in the "Center of Excellence Information & Data Security" and thus in a central service area of DQS, in order to raise organizations to a new level of security and quality in information security and cyber security by means of audits and assessments.

The ENX Vehicle Cyber Security Audit (ENX VCS) to certify the cyber security of suppliers in accorda

The ENX Vehicle Cyber Security Audit (ENX VCS) to certify the cyber security of suppliers in accordance with international standards and specifications (ISO/SAE 21434, ISO/PAS 5112) and the UNECE regulation (UN R-155).

Press contact:

Matthias Vogel
Press/Public Relations
August-Schanz-Straße 21
D-60433 Frankfurt am Main, Germany
Phone: +49-69 95427-287
E-mail: matthias.vogel@dqs.de


DQS: Simply leveraging quality.

"In everything we do, we set the highest standards of quality and competence for every project. This makes our actions the benchmark for our industry, but also our own guiding principle, which we set anew every day.”

DQS sets the highest standards of competence, experience and quality for its customers. The core competencies of DQS lie in the performance of certification audits and assessments. With an annual turnover of EUR 160 million (2023), DQS, headquartered in Frankfurt am Main, Germany, is one of the world's leading providers with the claim to set new standards in reliability, quality and customer orientation.

More than 2,500 highly qualified and experienced auditors conduct more than 125,000 customer-specific audits per year in more than 60 countries in accordance with more than 200 recognized norms and standards.

DQS was founded more than 35 years ago by the German Society for Quality (DGQ), the German Institute for Standardization (DIN) and other German industry associations with the aim of performing certifications and audits for organizations worldwide at the highest level. At its inception, DQS was the first independent certification service provider in Germany. In 2008, the U.S. company Underwriters Laboratories joined the group as an additional shareholder with its international management system certification business, enabling the organization to take a major step towards a global presence.