Vehicle type approval readiness assessment

Vehicle type approval readiness assessment

The type approval of vehicles will soon only be possible if a certified cybersecurity management system is in place. ESCRYPT supports manufacturers and suppliers to understand and implement the new cybersecurity requirements by conducting a vehicle type approval readiness assessment.

How prepared are you for the new cybersecurity requirements?

The upcoming UN Regulation 155 requires adequate security for vehicle types. From 2024, vehicle types must have been developed according to a certified Cybersecurity Management System (CSMS). This makes a technical security gap analyses of future and legacy architectures for WP.29 necessary.

ESCRYPT’s technical vehicle type approval readiness assessment provides a sound foundation for technical roadmaps, budget estimation and business decisions.

The vehicle type approval readiness assessment is a component of PROOF, ESCRYPT‘s Product Security Organization Framework. PROOF is a proven approach to guide manufacturers and suppliers from the first readiness check to the commissioning and operation of a CSMS.

It takes time to implement the new cybersecurity requirements into your processes. Start today if you want to ensure your future products receive type approval.

With AUTOSAR to UNECE-compliant cybersecurity – Watch our webinar recording to learn how to realize type-approvable development and retrofit of E/E architectures with AUTOSAR and download our whitepaper.

Assessing type approval readiness

The method

ESCRYPT’s vehicle type approval readiness assessment focuses on the critical elements as well as E/E level measures. Its criteria are based on

the regulation text,
the task force’s interpretation document,
lessons learned from the WP.29 test phase in 2019, and
well over a decade of experience in engineering secure vehicle types.

The assessment uses well-defined criticality indicators to identify potentially critical elements of the E/E architecture. These elements are matched with the threats from Annex 5 of the regulation and appropriate security controls. ESCRYPT’s readiness report puts a specific focus on economic considerations in order to balance compliance, security, and financial viability.

Work items

ESCRYPT‘s experts conduct a technical analysis of the target vehicle type, i.e. its E/E architecture, together with the customer’s internal stakeholders.
In a customer workshop, ESCRYPT leads through a WP.29 gap analysis of vehicle type‘s elements, their cybersecurity criticalities and current security controls.
This results in a completed readiness assessment calculation sheet with an initial budget estimation to prepare the vehicle type for approval.
Following the workshop, ESCRYPT creates and delivers a readiness report with additional E/E level recommendations that can optimize preparations for type approval.