The Automotive Cybersecurity Professional (ACP) Framework enables organizations and those responsible for cybersecurity in automotive development to establish the necessary cybersecurity competencies in line with the actual needs within the organization, in the project, for individual roles and functions. Supported by the independent certification function of TÜV Rheinland.
The ACP Framework provides a structure for cybersecurity competencies in automotive
WHY IS A CYBERSECURITY COMPETENCE FRAMEWORK NEEDED IN THE AUTOMOTIVE INDUSTRY?
The automotive industry faces a significant challenge: ongoing technological evolution on the one hand, and already effective cybersecurity standards and regulations on the other. With
- ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering
- and UN Regulation No. 155
standardized principles for automotive cybersecurity are becoming established. This also involves cybersecurity competence and cybersecurity culture.
Not only does building and developing the necessary skills and associated awareness (e.g., through training) become a challenge, but also providing reliable evidence of this.
ISO/SAE 21434 indicates (also see The Essential Guide to ISO/SAE 21434) that demonstrating an implemented competency management becomes as necessary as demonstrating the establishment of a cybersecurity culture. In order to ensure the proper compliance here, documentation of implemented measures will become mandatory.
To do so, an organization-wide valid framework that is established in the industry is needed, such as the ACP Framework of the CYRES Academy.
The official Automotive Cybersecurity Professional Certificate (incl. TÜV Rheinland Certified Qualification)
The official automotive cybersecurity certification along the ACP framework is realized by CYRES Consulting together with TÜV Rheinland as certification partner. With the participation in the ACP trainings, participants always receive a Certificate of Attendance as confirmation of participation.
In order to receive the official certificate as proof of the acquired professional competence along the certification and examination regulations of the ACP Framework, the successful passing of the associated examination is additionally required.
Partnership with TÜV Rheinland for the execution of the examinations and the associated certification
The associated examination is executed by TÜV Rheinland in cooperation with CYRES Consulting. The examination is a written test in which the participants have to demonstrate their knowledge acquired through the previous training course(s).
Within a given time frame, a certain percentage of the exam questions must be answered correctly in order to pass the exam and receive the ACP certificate.
The certificate is officially issued by TÜV Rheinland and is valid for three years. The official accreditation can be accessed online in TÜV Rheinland’s official certificate database. This ensures safety against fraudulent quality marks and certifications.
Participation in the corresponding training (e.g. ACP Level 1 “Foundation” online/on-site) is a prerequisite for acceptance to the respective examination.
The booking and handling of the participation in the examination is done via the CYRES Academy Online Learn Platform
For the role
At the level of individual roles, it must be ensured that individuals involved in cybersecurity matters within the organization have the associated competencies and awareness of cybersecurity to adequately fulfill their responsibilities.
For the project
At the project level, it shall be guaranteed that the awareness as well as the required competencies around cybersecurity are given along the necessities of the project. This includes not only providing resources and expertise, but also creating awareness.
For the organization
The organization is not only responsible for defining and applying the cybersecurity policy and the associated organization-specific rules: it must also ensure that the cybersecurity culture is fostered and maintained, and provide documentary evidence of this.
Organization-specific custom content (training and ACP framework)
Holistic cybersecurity competence management means that, in addition to standardized state-of-the-art technical knowledge, organization-specific cybersecurity application know-how (such as policies, regulations, processes, etc.) must also be included to the required extent. Therefore, the adaptation and extension of the learning content is easily possible in the automotive cybersecurity training. The ACP Framework also offers the possibility for customer-specific adaptions at all certification levels.
Cybersecurity certification tailored to roles and functions
From OEM to Tier-N supplier, all involved actors in the automotive value chain have touch points with cybersecurity. Every single role along the entire product lifecycle has specific cybersecurity competency and awareness requirements to meet. The organization has an obligation not only to develop this (e.g., in the form of training), but also to provide the evidence required.
The ACP Framework provides the holistic competency management framework for this:
- ACP Level 1 Foundation: This level is the basis for cybersecurity in the automotive industry. It is aimed at everyone with interfaces to cybersecurity activities.
- ACP Level 2 Advanced: This level is more in-depth for employees who are directly involved in cybersecurity issues or are required to cooperate accordingly.
- ACP Level 3 Expert: This level (divided into engineering and management) is for employees with broad and deep cybersecurity responsibilities. (Relevant work experience is part of the prerequisites).
Detailed information on the certification regulations will be available here shortly, in advance only on request.
The ACP training courses of the CYRES Academy in Munich stand for field-proven automotive cybersecurity training courses – designed with more than 70 experts from the automotive industry. Whether as on-site training or online live training (1 day / 3 days): In 2021, 200+ participants have already gone through the training programs.
Next to the delivery of trainings, CYRES Academy realizes (together with TÜV Rheinland) along the ACP examination and certification regulations also the related taking of examinations as well as the organization of issuing the certificates. With additional security measures, all exams can be handled online.
How do I book a training for the ACP Framework?
In addition to certification within the ACP Framework, the CYRES Academy also offers its own automotive cybersecurity trainings, as public trainings as well as organization-specific variants. Find current public dates at CYRES Academy Online Learn Platform.
How do I get an ACP Framework certificate?
Depending on the certification level along the ACP Framework (Foundation, Advanced and Expert), certain requirements have to be met, such as participation in the corresponding training, passing the exam or professional experience (Expert level).
What is the ACP Framework?
The Automotive Cybersecurity Professional Framework establishes an industry standard to meet (along ISO/SAE 21434, UN R155 and beyond) the evidence requirement for organization-wide automotive cybersecurity competence management.
How can I get started with the ACP framework?
At the training and certification level, you will find all the information you need on these pages. You want to actively support the further development and establishment of the ACP Framework? Become part of the ACP Framework Initiative. For more information, see below.
A holistic, organization-wide framework for building cybersecurity competencies and culture: Learn more about the ACP Framework now. Contact us.
Be part of the ACP Framework Initiative!
In the ACP Framework Initiative, relevant players in the automotive industry (from OEMs to Tier-N suppliers as well as other suppliers along the value chain) are committed to establishing a standardized competence management and certification framework in the field of automotive cybersecurity.
The work of the ACP Framework Initiative is intended to promote the practice-oriented further development and long-term implementation of the Automotive Cybersecurity Professional (ACP) Framework in the automotive industry.
Acceptance as a partner of the initiative, continuous exchange of experience, participation in the advisory board as well as special benefits for partners of the ACP Framework Initiative: Request your information material on the partnership agreement now. We are pleased about your interest.
Phone: +49 (0) 89 9542 808 00