Services
Insights

Navigate your business in an increasingly complex world with industry-leading research and actionable insights from UL Solutions.

View all
Aerial photo of downtown Chicago
Next
Previous
News

Explore our press releases and news updates. Delve into detailed press kits for information on our work. If it’s UL Solutions and newsworthy, it’s here.

View all
man using and tablet while presenting in front of a room
Next
Previous
Events

Connect with us in person or online, around the globe. We’re everywhere your business needs us to be.

View all
Photo of a crowd attending a presentation in a large view.
Next
Previous
About Us

As a global safety science leader, UL Solutions helps companies to demonstrate safety, enhance sustainability, strengthen security, deliver quality, manage risk and achieve regulatory compliance. 

Overview
UL Solutions Consumer Information

See how we put safety science to work to help create a safer, more secure and sustainable world for you.

Learn more
Resources

Explore our business intelligence-building digital tools and databases, search for help, review our business information, or share your concerns and questions.

Overview
UL Solutions Market Access Portal

Accelerate your planning process and learn the requirements needed to take your products to market worldwide.

Visit
myUL® Client Portal

A secure, online source for increased visibility into your UL Solutions project files, product information, documents, samples and services.

Go to myUL
Certification Database — UL Product iQ®

Access UL certification data on products, components and systems, identify alternatives and view guide information with Product iQ.

Visit
Industries
View All
  • Software and Products
  • Guide

Cybersecurity Management System (CSMS)

Learn what is necessary for your organization to integrate cybersecurity into your process landscape.

Contact us
header placeholder

A management system is about structures, processes, measures and competencies. The United Nations Economic Commission for Europe (UNECE) has published UN Regulation No. 155 (UN R155) requiring automotive manufacturers to implement a cybersecurity management system (CSMS) for all vehicles manufactured in July 2024 or later.

UN R155 CSMS requirements

UN R155 defines a CSMS as “a systematic risk-based approach defining organizational processes, responsibilities and governance to treat risk associated with cyber threats to vehicles and protect them from cyberattacks.”

In other words, the CSMS structures your company's approach to safety and security and governs what actions must be taken by whom and when to keep the connected vehicle secure until the end of its service life. It includes your company’s:

  • Cybersecurity culture.
  • Organizational structure.
  • Documentation of required development processes and procedures.
  • Monitoring of whether the work performed is in accordance with established processes and procedures.
  • Monitoring of whether the work results in appropriately secure products.
  • Necessary infrastructure.
  • Required skills and competencies.

The UNECE requires OEMs and suppliers to: 

  • Design products to be secure throughout their life cycle.
  • Constantly evaluate new vulnerability information.
  • Take action accordingly.

ISO/SAE 21434: A comprehensive approach to cybersecurity

The international standard ISO/SAE 21434, Road Vehicles — Cybersecurity Engineering, published in 2021, takes a comprehensive approach to connected vehicle cybersecurity and identifies the engineering requirements for a CSMS.

The CSMS coordinates ongoing comprehensive cybersecurity tasks at the corporate, business and project level. Risks differ at each level, and the management system’s level of detail relates to the nature of the risks. At the appropriate levels, companies should derive corresponding subsystems with structures, processes, measures and competencies. Industry best practices recommend integrating cybersecurity requirements into your existing process landscape rather than deploying an additional isolated management system.

Continuous cybersecurity activities

A cybersecurity management system can help companies thoroughly carry out necessary cybersecurity activities for development, production and post-production until the vehicle series reaches the end of its service.

To this end, Clause 8 of ISO/SAE 21434, in particular, requires that manufacturers continually check whether the risk assumptions and countermeasures are up to date.

Carefully implementing the CSMS and fostering a cybersecurity culture in your organization can help your team members more effectively integrate cybersecurity concerns into their work and develop cybersecurity by design.

header placeholder

Cybersecurity services from UL Solutions Software Intensive Systems

UL Solutions Software Intensive Systems can support automotive original equipment manufacturers (OEMs) and suppliers in your efforts to:

  • Foster awareness for the need for comprehensive end-to-end safeguards.
  • Provide detailed assessments of any threats posed.
  • Match your cybersecurity policies to processes, products and IT requirements.
  • Manage involved specialists.
  • Assess and improve your development processes with respect to security issues.
  • Adapt existing workflows and procedures to address key cybersecurity issues.
  • Navigate conformance to UNECE systems homologation guidelines.
  • Define and introduce new development processes that meet the requirements of ISO/SAE 21434.
  • Evaluate, develop and implement cybersecurity management systems.
  • Select relevant security technology and industry standards according to your requirements (we offer ISO-compliant kits and templates).
X

Get connected with our sales team

Thanks for your interest in UL's products and services. Let's collect some information so we can connect you with the right person.