Cybersecurity in the automotive industry with ENX VCS
As digitalization and networking in the automotive sector progresses, the risk of cyberattacks is growing. As a result, the entire automotive industry supply chain is being shaped by the increased cyber security requirements for vehicle electrical and electronic (E/E) systems. This development is being driven by the increasing use of digital technologies in vehicle systems, including automated driving and the connectivity of vehicles with the road infrastructure, other vehicles or data centers.
Vehicle Cybersecurity (VCS) is a new cybersecurity audit program for the automotive sector from the ENX Association. The goal is to achieve standardized audits for cybersecurity management systems (CSMS) and implement ISO/PAS 5112 in the context of ISO/SAE 21434, using the ENX Association’s existing and established audit framework.
Upon verification of a successful test by participating audit providers, such as TÜV NORD, ENX will issue a VCS label on its exchange platform.
Who is ENX VCS aimed at?
- Suppliers of hardware and/or software based components and/or systems
- Software and ICT infrastructure service providers
The ENX VCS audit program was primarily designed for automotive suppliers involved in the development, production or maintenance of electrical and electronic systems for road vehicles. UNECE Regulation No. 155 (R 155) requires all automotive manufacturers (OEMs) to provide proof of successful testing of their cybersecurity management system in the form of a Certificate of Compliance (CoC). Suppliers must provide OEMs with this proof. OEMs already require their suppliers to provide proof that a cybersecurity management system has been implemented.
We at TÜV NORD CERT have extensive expertise and experience in the field of automotive cybersecurity. If you have any questions about the audit program, please don't hesitate to contact us.
Fulfilling cybersecurity requirements in the established ecosystem
With TISAX®, ENX has already established a cross-company testing and exchange procedure for information security in the automotive industry. All the proven processes and experience gained from the TISAX® assessment were integrated into the development of the new VCS audit program. The award of the ENX VCS label confirms that the recipient meets the highest cyber security requirements. These include the requirements of standards such as ISO/SAE 21434, ISO/PAS 5112 and the UNECE regulation.
The benefits for you of testing according to ENX VCS
- Compliance with the highest cyber security requirements to protect vehicles and passengers
- Fulfillment of the obligation as a supplier to prove your cybersecurity to vehicle manufacturers
- Relevant cybersecurity test criteria for the automotive industry
- Sustainable implementation of vehicle cybersecurity (VCS) in deeply integrated supply chains improves safety and reliability in the manufacture and maintenance of products
- Appropriate risk management and governance across different partners
- Standardized audit program: The audit and reporting procedures are standardized
- The results provide a high level of comparability and informative value
- The ENX Association’s well-known and established processes and procedures
FAQs
No. Upon successful verification by participating audit providers, such as TÜV NORD, a VCS label is issued by ENX Association - the administrator of the VCS audit program - in its database.
The prerequisite for an ENX VCS audit is a TISAX label with assessment level 2 or 3.
TÜV NORD CERT was involved in the development of the ENX VCS program from the very beginning and carries out the audits. Valuable experience gained during the global pilot phase is therefore incorporated into the application of the audit program.
Essentially, UNECE Regulation R 155 applies to all new types of vehicle that are developed from July 2022 and produced and launched on the market in the EU from July 2024.
ENX Vehicle Cybersecurity (VCS) – audited by TÜV NORD
TÜV NORD is a renowned service provider for a large number of national and international audit and certification programs. We have been accredited for IATF 16949 and ISO 27001 for many years and are a long-standing audit provider for TISAX®.
Note: TÜV NORD CERT GmbH is authorized by ENX to provide VCS assessment services. The brands and trademarks associated with the VCS audit program or TISAX® and the related intellectual property belong to ENX.
