icon
— IT & Cyber Security

Cyber security
management system

A regulatory framework for cyber security in the various sectors of the economy is currently emerging. One prerequisite is always information security. International standard ISO 27001, for example, specifies that companies must develop processes and rules within their organization that can be used to control and continuously improve information security in connection with IT processes and components. An information security management system (ISMS) of this kind covers all internal and external business processes. For example, interfaces with and dependencies on other companies must be documented. Likewise, there must be a plan for dealing with risks as well as security targets for functions and hierarchy levels.

The ISMS is a fundamental basis for cyber security and the foundation for a cyber security management system (CSMS) that deals with all procedures and processes concerning cyber security within a company and/or for products. The automotive industry is a pioneer in this regard, incorporating all the structures in the product life cycle as well as the production and supply chain. Background: From July 2022, the EU will require a certified CSMS for the approval of any new vehicle type and, from July 2024, a CSMS will be mandatory for all vehicles produced. For each electronic component, the approval authorities will check whether the risk of cyber attack has been adequately assessed and mitigated.

The requirements of the new WP.29 Guidelines and the ISO/SAE 21434 and ISO 24089 standards mark a paradigm shift in product safety in the automotive industry. In future, manufacturers must provide evidence of a certified CSMS (in accordance with UN-R155) for entire vehicles throughout their life cycle. Moreover, a certified management system will also be required for software updates (UN-R156). These management systems will have to be audited every three years. DEKRA is supporting car manufacturers in this process and in achieving greater cyber security.

A risk recognized is a risk averted
This website is using cookies to provide a good browsing experience

Cookie consent(s)

We use cookies on our website to personalize content and ads, to provide social media features and to analyze traffic to our website. To provide you with a convenient online experience and to improve our communications, please click "ACCEPT ALL". By doing so, you consent to the processing and sharing of your information with our social media, advertising and analytics partners. You can revoke your consent at any time in the settings.

This website is using cookies to provide a good browsing experience

Cookie consent(s)

We use cookies on our website to personalize content and ads, to provide social media features and to analyze traffic to our website. To provide you with a convenient online experience and to improve our communications, please click "ACCEPT ALL". By doing so, you consent to the processing and sharing of your information with our social media, advertising and analytics partners. You can revoke your consent at any time in the settings.

Your cookie preferences have been saved.