We worked with a leading German TIER1 automotive supplier on its cybersecurity strategy. We started by conducting a cybersecurity readiness assessment. The result of the assessment identified gaps in relation to the requirements of the UNECE R155 cybersecurity regulation and ISO/SAE 21434 engineering requirements. The goal of this project was to close the identified gaps as soon as possible.
We took action immediately. Necessary work packages were identified, planned, and implemented in the fields of organization, risk management, security operations, development process, quality management (QM) and Audit, and supplier management. To close the gaps we had identified, we extended and adapted the organization-wide process map to implement a cybersecurity management system in the context of engineering systems in road vehicles.
New processes and roles were also defined and introduced for vulnerability management, patch management, cybersecurity risk management, and incidence response. Finally, cybersecurity processes and work products were piloted in a cybersecurity-relevant customer project.
We established a cybersecurity culture for the automotive firm, introducing new cybersecurity roles and processes on an organizational level. We also ensured the company met ISO/SAE 21434 compliance while successfully piloting a cybersecurity-relevant customer project.