CSMS – ECE R155 Cybersecurity Management System – Stage 2 Type Approval Processes

CSMS - ECE R155 Cybersecurity Management System Stage 2 Type Approval

With the GSR II Regulations, the mandatory requirement for CSMS, namely the ECE R155 Cybersecurity Management System, has also become one of the new topics in Stage 2 type approval processes. So, what steps should be taken for the ECE R155 topic in Stage 2 type approval processes?

What is a Cybersecurity Management System (CSMS)?

The Cybersecurity Management System is defined by ECE Regulation 155, which manufacturers producing vehicles in the automotive sector are obliged to comply with. This management system is a comprehensive security regulation developed to ensure the protection of vehicles against cyber threats. R155 is also one of the mandatory requirements introduced by GSR II.

Compliance with this regulation requires vehicle manufacturers to meet specific cybersecurity standards before launching their vehicles on the market. According to the transition dates of the GSR II regulations, manufacturers are obliged to obtain compliance approval for these regulations. In this context, the R155 regulation aims to ensure cybersecurity management throughout the entire lifecycle of vehicles. This process includes the integration of cybersecurity measures at every stage, from vehicle design to production, use, and maintenance.

Manufacturers, divided into two main categories, must comply with these regulations: manufacturers holding a Stage 2 type approval certificate and manufacturers who will undertake new certification. Manufacturers with a Stage 2 type approval certificate must make the necessary adjustments to align their existing production processes with R155 regulations. Manufacturers undertaking new certification, on the other hand, must establish a Management System for a Cybersecurity approval process that complies with the requirements of R155 regulations from the outset in their production and design processes.

The Cybersecurity Management System includes a set of policies, processes, and technologies for manufacturers to ensure the security of their vehicles. This system has been established to increase the resilience of vehicles against cyberattacks, detect potential threats in advance, and develop effective responses to these threats. It also covers the secure execution of vehicle software updates and the assurance of data security.

For the successful establishment and implementation of the management system, manufacturers need to form teams specialized in cybersecurity or engage expert teams to manage the approval processes. Furthermore, the effectiveness of the management system requires manufacturers to collaborate with their supply chain partners and third-party providers, ensuring that these stakeholders also comply with cybersecurity standards.

Which Vehicles Require It?

Manufacturers are evaluated within this scope based on the production related to superstructure type approval. Regarding cybersecurity and the protection of the vehicle against cyber threats, under EU 2019/2144 regulation, M1, M2, M3, N1, N2, N3, component, and separate technical unit manufacturers are mandatorily subject to the regulation.

Although there is no mandatory requirement for O category manufacturers, they can obtain approval under this regulation if desired.

Cybersecurity Approval Process for Stage 2 Type Approval

Manufacturers performing superstructure manufacturing must first determine whether they fall within this scope based on their production. The crucial point here is the impact on the base vehicle. To assess this, certain documents need to be shared with us.

For example, for a manufacturer producing M3 category vehicles, the electrical and electronic products used, their relationship with the base vehicle, and their internal cybersecurity status are considered. This assessment represents a comprehensive and time-consuming process.

The resulting relationship with cybersecurity here determines the extent to which the manufacturer’s work on the cybersecurity management system will be comprehensive.

Therefore, superstructure companies must first understand the cybersecurity management system and confirm its scope, for example, whether a cybersecurity system is necessary.

Approval periods can range from 3 months to 1 year, depending on the work to be done.

CSMS – Our Cybersecurity Solutions

We offer various solutions for your approval processes related to the Cybersecurity Management System. Superstructure Stage 2 We manage the scope assessment, documentation, and approval processes according to type approval requirements. Therefore, you can contact us to get information about this regulation, which is mandatory for the continuity of type approval.

Bizi Linkedin ve Instagram hesaplarımızdan takip edebilirsiniz.

Tags
Homologasyon Uzmanı
Homologasyon Uzmanı

Otomotiv homologasyon faaliyetleri kapsamında Ankara (Merkez Ofis), İstanbul ve Bursa lokasyonları da dahil olmak üzere çözüm ortağı olarak hizmet sunmaktayız.

Üretici firmaların homologasyon süreçlerinde güçlü desteği sağlayarak araç veya komponent onay prosedürlerini takip etmekteyiz.

Üretimin tasarım aşaması itibariyle tescil süreçlerine kadar ara aşamaların tamamında mühendislik ve danışmanlık hizmetlerini sağlayarak birçok alanda avantaj sağlanmasını hedefliyoruz.

Güncel mevzuatlara uyum ve onay kuruluşları ile koordinasyon sağlayarak üretimin aksamasının önüne geçiyoruz.

Firmamız bünyesinde alanının uzmanları üreticilerimize birebir destek vermektedir.

Kalite sistemine uyumlu üretim ile üreticilerimizin homologasyon süreçlerinin güçlü yönetilmesi, pazarda riski minimuma indirgemek hedefimizdir.

Benzer Yazılar

Leave a Reply