2 automotive cybersecurity experts talking about SUMS

New at ESCRYPT: SUMS/UN R 156 now included in PROOF maturity model

The new UN Regulation 156 on software updates and software update management systems (SUMS) is now integrated into the automotive cybersecurity maturity model PROOF. The update is available for all PROOF subscribers.

ESCRYPT's product security organization framework (PROOF) is an integrated automotive cybersecurity maturity model in order to prepare for compliance, measure process-related risk, and continuously improve internal and supply chain product security activities. The maturity model currently contains mappings to UN R 155, UN R 156, ISO/SAE 21434, VDA ACSMS Red Volume and is actively maintained and extended. Since 2019, PROOF has been used at OEMs and suppliers worldwide.

The UN Regulation 156 defines uniform provisions for software updates in the automotive industry. A central aspect is a SUMS that OEMs need to implement and have certified. The EU and Japan have firm plans to enforce this regulation in future type approvals. Mature software update management is a milestone on the road to automated vehicles and is demanded by further regulations like the UN R 157 on automated lane keeping systems (ALKS).

See also our recorded webinar for further information on the impact of SUMS on OEMs and suppliers.


ISO 9001:2015 Home