German TIER1 Automotive Supplier

Developing a Cybersecurity Management System

To ensure the company could meet OEM requirements for ISO 21434-compliant processes

The Challenge

We worked with a leading German TIER1 automotive supplier on its cybersecurity strategy. We started by conducting a cybersecurity readiness assessment. The result of the assessment identified gaps in relation to the requirements of the UNECE R155 cybersecurity regulation and ISO/SAE 21434 engineering requirements. The goal of this project was to close the identified gaps as soon as possible.

Cybersecurity process implementation and ISO/SAE 21434 compliance for a TIER1 supplier

The approach

We took action immediately. Necessary work packages were identified, planned, and implemented in the fields of organization, risk management, security operations, development process, quality management (QM) and Audit, and supplier management. To close the gaps we had identified, we extended and adapted the organization-wide process map to implement a cybersecurity management system in the context of engineering systems in road vehicles. 
 
New processes and roles were also defined and introduced for vulnerability management, patch management, cybersecurity risk management, and incidence response. Finally, cybersecurity processes and work products were piloted in a cybersecurity-relevant customer project.

The result

We established a cybersecurity culture for the automotive firm, introducing new cybersecurity roles and processes on an organizational level. We also ensured the company met ISO/SAE 21434 compliance while successfully piloting a cybersecurity-relevant customer project.

Let’s create sustainable change together.