We are your partner for excellence in consulting and engineering services for the development work of tomorrow’s mobility. Leading OEMs, tier-n suppliers and technology providers trust in our services when it comes to strengthening their organization, processes and structures as well as specific development projects against threats and optimizing them for maximum development process efficiency and quality. Discover our service portfolio for Automotive cybersecurity (organization/project), Functional Safety, Software update management system, Systems engineering, ASPICE and more.

Send inquiry

The Vital Components of Cybersecurity and System Integrity in Automotive Innovation

In the ever-evolving automotive industry, where innovation and connectivity redefine the driving experience, safeguarding tomorrow’s vehicles demands a a comprehensive approach to cybersecurity, system integrity and the underlying processes and organizational structures.

Within this dynamic landscape, Cybersecurity, Functional Safety, Software Update Management Systems, and Systems Engineering emerge as essential components throughout organizations and projects. These pillars collectively form the bedrock of digital defense, ensuring the resilience, reliability, and integrity of automotive systems against an array of cyber threats and technological advancements.

In an era where the automotive sector stands on the cusp of unprecedented transformation, the significance of these services cannot be overstated, guiding the industry towards a secure and prosperous future on the roads ahead.

Cybersecurity at organizational level

From product to organization: Managing cybersecurity for OEMs & Tier-N

The cybersecurity of tomorrow’s mobility requires far-reaching transformations throughout the industry today. Organizations in the automotive and vehicle industry, both OEMs and suppliers along the entire value chain, are faced with the obligation to initiate a change – not only in terms of the need for security of products, but also in terms of organization-wide requirements for structures, processes and management systems.

UN Regulation No. 155, for example, requires OEMs to set up and maintain a Cybersecurity Management System (CSMS), which also involves suppliers. The accompanying industry standard ISO/SAE 21434 takes a dedicated look at procedures and processes in development projects, organizational structures or matters relating to competence development and culture from a cybersecurity perspective.

CYRES Consulting’s consulting units are considered to be among the leading experts worldwide in the field of strategic guidance and operational implementation of automotive cybersecurity. Accordingly, we offer you a wide range of services in the development and implementation of the CSMS (OEM/Tier-n), around the application and compliance with ISO/SAE 21434 as well as in organization-specific adaptations with regard to cybersecurity risks along the entire product lifecycle.

In addition, we offer you needs-based services relating to automotive cybersecurity gap analyses, assessments, audits and more.

Implementing a Cybersecurity Management System (CSMS) in line with the requirements of UN R155 involves a variety of tasks for OEMs: bringing together undefined and disconnected process landscapes, building bridges between management/governance and development and making far-reaching decisions on risk and quality management in relation to cybersecurity.

Creating the right framework requires not only expert know-how, but also dedicated resources to tackle all fields of action associated with the CSMS. From a number of processes, measures and procedures in development and engineering practice, supplier management and cybersecurity-related responsibilities throughout the entire product lifecycle, to monitoring in the field and incident response management – the CSMS needs to be seamlessly integrated into existing structures and process landscapes while meeting regulatory requirements.

Ultimately, the aim is to meet the expectations of technical services/registration authorities with the OEM CSMS in order to obtain type approvals for vehicles. The objective of our service offering is to assist you as efficiently as possible with the CSMS implementation and management with our extensive understanding of previous OEM CSMS implementations and audits.

Our in-depth understanding of cybersecurity engineering and cybersecurity management practices offers particular added value in maintaining existing organization-specific approaches within the CSMS and working with you to bring them to the required compliance level.

Although UN R155/CSMS officially addresses OEMs first and foremost, the setup and establishment of a Cybersecurity Management System is also a challenge for Tier-X suppliers. With our well-proven approach of implementing a CSMS, we address the most important fields of action: starting with disconnected and not holistically defined process landscapes – especially with pitfalls between organization/management and product development – to neglected cybersecurity risk management and insufficient involvement of relevant stakeholders.

Based on our approach, we integrate seamlessly into existing process landscapes (such as the quality management system) and take into account both standard requirements and existing automotive-specific engineering practices (ASPICE, etc.). The focus is on defining cybersecurity engineering and management processes that are aligned with organization-specific value creation processes and market best practices in product cybersecurity risk management.

At the same time, our approach is flexible in order to adapt CSMS solutions to the size of your organization and the respective scope (software, systems, etc.) and to take appropriate account of OEM expectations for these different areas. In this way, we ensure from the very beginning that customer requirements and documentation responsibilities are addressed sustainably throughout the entire product lifecycle.

The proper integration of appropriate procedures with regard to the implementation of cybersecurity in development projects in the automotive industry is achieved through the definition and continuous improvement of cybersecurity processes.

Particularly with regard to consistency, reusability and adequate documentation of cybersecurity-related elaborations, it is important to ensure a holistic embedding of cybersecurity in line with relevant requirements.

A modular approach can be taken here: from the level of specific activities to the level of particular projects all the way to a company-wide process landscape.

It is also clear that the successful deployment of standard-compliant cybersecurity requires seamless integration into existing development processes and meeting specific customer requirements.

With our in-depth understanding of cybersecurity requirements and widely ramified process landscapes, we strive to make cybersecurity a driver for sustainable process efficiency.

In doing so, we address the overlaps between cybersecurity engineering and management processes and other existing process landscapes in order to make the best possible use of synergies and maximise efficiency.

ISO/SAE 21434 has become the main reference point for cybersecurity engineering in the automotive industry.

With the help of our standard-compliant ISO/SAE 21434 templates, including guidelines and checklists, you can successfully create the respective work products.

You can either rely on our pool of existing templates or ask us to develop/adapt templates tailored to your specific organization/processes.

This has the advantage of seamless integration into existing systems and processes while at the same time complying with the cybersecurity requirements of the standard.

Our services also include a detailed analysis as well as specific adjustment recommendations for existing processes, documentation and documents – also from a UNR155/CSMS perspective.

With our ISO/SAE 21434 templates, you can ensure that all relevant ISO/SAE 21434 requirements are taken into account and that the application of the standard is fully documented, allowing you to ensure field-proven cybersecurity compliance (also with a view to upcoming audits).

With our dedicated audit preparation services in accordance with UN Regulation No. 155 CSMS and ISO/SAE 21434, we are there to help you develop an organization-specific understanding of the challenges of cybersecurity audits and prepare solutions in line with the existing general conditions.

Our approach combines in-depth expertise in regulatory/standard compliance with extensive practical expertise in common approaches and solutions within vehicle development and the automotive industry.

We understand the requirements of auditability and the typical solutions that organizations find, which enables us to identify potential weaknesses and prioritise them appropriately to counteract risks in audits at an early stage.

Our practice-oriented approach aims to develop resource-efficient, customized solutions that take into account both institutional and client-side audit procedures in business relationships in an adequate and industry-standard manner.

This results in effective audit preparation that not only paves the way for the desired compliance, but also takes appropriate consideration of organization-specific challenges and tailored solutions.

With our independent services for conducting audits against the ISO/SAE 21434:2021 standard, we offer companies in the vehicle and automotive industry the opportunity to carry out a comprehensive auditing process in line with ISO/SAE 21434.

With automotive cybersecurity as a new domain, there is often a widespread lack of necessary qualifications and competences to conduct audits that meet specific cybersecurity requirements (e.g. according to ISO/SAE 21434).

It is also a challenge to be able to neutrally analyse and evaluate cybersecurity-specific elaborations and solutions. This is precisely why we can be brought in as a neutral authority.

Given the fact that we are not only one of the world’s leading specialists in ISO/SAE 21434, but have also been able to get to know solutions for the application of ISO/SAE 21434 in countless organizations and projects worldwide, we are now able to provide a well-trained view from an auditor’s perspective. The objective of our ISO/SAE 21434 auditing is to professionally review the compliant application of the standard.

By taking not only a theoretical but above all a practice-based look at the elaboration of specific work products, we can ensure that the requirements, recommendations and possibilities of the standard have been adequately taken into account.

In doing so, we always act with a situation-orientated hands-on approach, close to the real value creation processes of everyday automotive practice. The audit scope can also be customized and expanded as required.

One of the responsibilities that UN R155/CSMS entails for the OEM is the risk management of involved suppliers. As a result, the requirements for implementing a Cybersecurity Management System (CSMS) are forwarded along the value chain and in vehicle development business relationships.

Affected companies are faced with the challenge of finding out what their own CSMS maturity level is without the necessary expertise and under time pressure – often with insufficient backing from management – and without clear responsibilities.

In these situations, we can help with the systematic development of a gap analysis on CSMS potential: As a neutral authority with far-reaching market insights and an understanding of organization-specific solutions, we are able to build a bridge to the requirements of the CSMS.

Our service consists not only of theoretical finger-pointing, but also of a dedicated breakdown of deficits and inadequacies to show what is needed to implement demonstrable solutions.

We help with the interpretation of requirements and assist in the definition and development of responsibilities and structures for a sustainable CSMS implementation – aligned to specific customer requirements in the respective business scope.

When it comes to auditing the Cybersecurity Management System (CSMS) every three years in order to prove compliance with the CSMS guidelines in the form of a Certificate of Compliance, this regularly confronts organizations with complex, cross-functional challenges.

With our many years of expertise in supporting globally active OEMs through all phases of a CSMS (from setup to successful auditing), we are now an internationally valued partner for conducting a holistic CSMS compliance gap analysis.

In particular, we are known for our extensive knowledge of the interpretation of CSMS requirements and UN Regulation No. 155, enabling us to provide consistent, field-tested compliance assessments.

Nevertheless, our approach to gap analysis is not only based on a theoretical perspective, we also know how to address the complex requirements of the CSMS within an organization in a targeted manner – across divisional, functional and departmental boundaries.

At the same time, we follow systematic procedures in the organization and preparation of the necessary documentation, documents and procedures.

Use our practical experience to initiate an objective evaluation of your current CSMS compliance in order to pave the way for the development of company-specific solutions for a CSMS audit.

When it comes to preparing for an upcoming cybersecurity audit in the automotive industry and having to finalize the last findings, gaps and pending tasks at short notice, time pressure and a lack of experience/competence will inevitably lead to inadequate results.

At the same time, in the increasingly high-prioritized context of auditing cybersecurity for regulatory and business purposes, it becomes essential to be able to provide proper evidence of conformity.

This is because it is not only important to do the right thing, but also to ensure that the right thing is applied correctly.

In other words, compliant solutions must be developed that can withstand an audit.

With our cybersecurity audit remediation services, we specifically address the weaknesses and inadequacies identified in order to close gaps in a compliant manner.

Thanks to our experience from projects with leading OEMs and local authorities, we have precise knowledge of what it takes to successfully pass an audit of procedures, processes, documentation, individual documents and users in the process.

We act as an interface to systematically bring the necessary work and organization-specific solutions to the required compliance level across all functions. You can utilise our services according to your needs: from recommendations and guidance all the way to practical services in the elaboration of the required work packages.

Although the ASPICE process model is already widely used in the automotive industry, the ASPICE for Cybersecurity extension is still very much uncharted territory, especially for many suppliers.

Accordingly, an assessment in this field is characterized by uncertainty as to what exactly is to be expected.

At the same time, specialists in ASPICE often lack the necessary background and practical knowledge when it comes to the complexity of implementing cybersecurity.

With our ASPICE for Cybersecurity services for compliance support, assessments and gap analysis, we offer specialized consulting support to help suppliers meet ASPICE cybersecurity requirements.

Our approach includes a comprehensive gap analysis to identify any gaps in the current compliance status and develop tailored solutions to close them.

By combining a deep understanding of ASPICE with specialized cybersecurity expertise, we enable our clients to effectively prepare for assessments to ensure they are compliant.

This targeted support not only helps with successful compliance assessments, but also strengthens internal awareness and skills in relation to the sustainable application of ASPICE for Cybersecurity.

The introduction of cybersecurity processes within the framework of ASPICE, or ASPICE for Cybersecurity, is becoming more and more demanded by OEMs in the vehicle and automotive industry. However, many suppliers often lack the necessary knowledge for implementation.

With our dedicated customized coaching and training offers on ASPICE for Cybersecurity, we support suppliers in the needs-based integration of cybersecurity into their ASPICE processes.

Similar to our ASPICE coaching service, it is not just about fulfilling external requirements, but also about taking cybersecurity into account as a valuable driver for improving process efficiency and quality.

Our ASPICE for Cybersecurity coaching includes training, expert advice and active support in the implementation of adjustments and changes. We help teams to understand and accept the cybersecurity requirements in the context of ASPICE and to implement them effectively in day-to-day project work. In doing so, we draw on our extensive experience in the automotive project business and pursue the objective of not only ensuring compliance, but also creating real added value for working methods.

With our support, companies realize that cybersecurity and ASPICE for Cybersecurity should not be seen as additional hurdles, but rather as opportunities to optimise processes and sustainably increase the quality of products and workflows. The aim is to develop a deep understanding of the approach to cybersecurity in the ASPICE process model and to achieve seamless adjustments to existing processes.

Cybersecurity at project level

Cybersecurity engineering services for automotive development projects

In the ever efficiency-driven world of vehicle and automotive development, proper cybersecurity engineering is currently becoming an Achilles’ heel. Worldwide, the entire industry lacks expert knowledge, practical know-how and reliable experience in the correct implementation of automotive cybersecurity.

At the same time, technically challenging development projects and the increasing emergence of regulations and industry standards require a growing allocation of resources.

With our full-service offering in cybersecurity engineering, we offer to take on complete cybersecurity engineering activities as required. From large OEM/platform projects to “fire fighting operations” in which cybersecurity implementations have to be properly realized under time pressure.

We are characterized by the fact that we can not only draw on a wealth of experience from challenging cybersecurity development projects, but also start with practical templates and hands-on best practices. This makes it possible to reduce resource expenditure and at the same time ensure compliance with cybersecurity requirements.

In addition, we enable scalability through the demand-orientated deployment of our work teams and experts, tailored to given project and work structures. The objective of our full-service support in cybersecurity engineering is that we can take full responsibility for all necessary activities, ensure compliance with all cybersecurity requirements and thus completely relieve your internal team.

All too often, complex development projects in the vehicle and automotive industry require highly specialized expertise when it comes to the operational implementation of cybersecurity, which often needs to be integrated into existing development work in the ongoing project at short notice. We offer you precisely this cybersecurity engineering support as a flexible, on-demand service.

Call in our cybersecurity engineering specialists on a selective basis when it comes to implementing cybersecurity measures in the vehicle development context with external support.

Our experienced experts have extensive practical knowledge of cybersecurity engineering and the implementation of cybersecurity requirements in the automotive development context.

In flexible forms of cooperation, we can efficiently implement various work tasks and work packages in the areas of software/hardware (among others) as an external support function, taking into account given cybersecurity requirements and customer specifications.

Thanks to our many years of practical experience in the automotive environment (both directly in the OEM environment and on the side of leading international Tier-n suppliers), we can ensure with our services that solutions adequately meet the requirements along the ISO/SAE 21434 and UN R155 CSMS.

Within the complex tasks of vehicle development projects, those responsible for the implementation of cybersecurity in companies are confronted with a particular lack of practical experience.

Obviously, automotive cybersecurity is still a relatively young domain compared to other disciplines. At the same time, limited budgets, critical time constraints and general weaknesses in terms of documentation, processes and knowledge transfer make the situation even more difficult.

Our cybersecurity expert coaching approach is designed to counteract this problem appropriately. We not only want to offer comprehensive insights and expertise from global vehicle development projects, but also tailor the support to the individual needs of your company or development project.

The objective of our cybersecurity coaching is to expand internal expertise and thereby achieve sustainable improvements. We place a particular focus on practical guidance and methods that enable efficient and time-saving empowerment.

Through on-the-job guidance, we support your team not only in the implementation of cybersecurity measures, but also in the creation of reliable processes and documentation based on the principle of help for self-help.

This strengthens your ability to effectively manage cybersecurity requirements in the project, in the team and as an organization, thus ensuring the security and quality of your vehicle development projects in the long term. Customized options for support and empowerment can be realized here.

The integration of cybersecurity tests into the Verification & Validation (V&V) process, as required by ASPICE, as well as compliance with specific requirements, such as UN R155, poses challenges for many companies. There is a lack of awareness of the necessity and the required information to correctly integrate cybersecurity tests into e.g. existing software tests in a holistic manner.

In addition, the need for cooperation between different stakeholders such as the cybersecurity manager, developers/engineers involved and the test and validation team makes defining specific responsibilities for cybersecurity in the V&V process a mammoth task.

Our V&V consulting services include an in-depth understanding of the cybersecurity V&V requirements defined by standards/regulations. We provide all stakeholders, including the cybersecurity manager and those responsible for testing and validation, with an initial overview of the requirements. This includes specific information on the roles and responsibilities of each stakeholder in the cybersecurity V&V process, the applicable test methods for cybersecurity testing and the required input and output data for the process.

With a checklist/questionnaire for the planning of the V&V process, we prepare a detailed procedure for the V&V process together with the client, including all process steps, inputs and outputs, in order to consistently fulfil the applicable requirements. The objective is to create clarity, establish efficient and regulation-compliant V&V processes for cybersecurity and ensure that all necessary requirements are met.

With our software stack configuration services, we use our expert knowledge to accelerate the decision-making process for the software stack along different OEM specifications and concepts for your ECU projects.

We take care of the integration of security components in AUTOSAR stacks (e.g. Vector), the configuration of security-relevant stack components according to the given requirements or along the concept, as well as debugging the configuration or ensuring that the configuration fulfils the requirements.

Our work in this area is characterized by extensive expertise in questions of applied cybersecurity in the automotive industry. Not only do we understand the specific requirements, but we also ensure that the configurations made fulfil the OEM/concept specifications.

We assist with security configuration troubleshooting and provide a comprehensive understanding of cybersecurity, resulting in an overall secure configuration.

With our in-house expertise in cybersecurity for embedded systems, including HSM, peripherals and cryptographic modules, as well as advanced knowledge of common cybersecurity solution approaches in the automotive industry, utilising our SW stack configuration services offers you fundamental added value for the secure configuration of your SW stack.

At present, the position of a Cybersecurity Manager in the vehicle and automotive industry is one of the most pressing vacancies, which often has to be temporarily filled on an interim basis, simply in order to be able to correctly assign responsibility for cybersecurity within the organizational structure. At the same time, it is often unclear which responsibilities are actually to be assigned to the cybersecurity manager within the scope of existing and new development projects, and how exactly this is to be done.

With our Interim Cybersecurity Manager service offering, we address precisely this and establish an interim solution approach for you in-house, in which the responsibilities of the cybersecurity manager are defined in detail and in line with the applicable CSMS processes. By defining specific tasks and responsibilities for the cybersecurity manager, we work with you to establish a targeted and effective integration of cybersecurity requirements into all phases of the project lifecycle. In line with your organization-specific challenges, we establish a setting for you in which it is clear to what extent the cybersecurity manager can take on both a leading as well as a supporting role, depending on the respective project requirements.

The objective of our Interim Cybersecurity Manager services is to strengthen the structural/organizational alignment of the Cybersecurity Manager function within your organization and to create a clear framework for cybersecurity activities within your organization and ongoing development projects. This approach is not only intended to temporarily fill a gap, but rather to encourage a proactive and systematic approach to cybersecurity tasks in the long term.

Within the wide-ranging dimensions of the automotive value chain, an efficient approach to supplier selection is of immense importance – especially with cybersecurity as an additional quality dimension that needs to be adequately integrated into the selection process.

Especially when it comes to evaluating the extent to which the products, systems, tools and services used comply with internal guidelines and requirements in a standardized and precisely thought-out manner.This is precisely where organizations in the vehicle and automotive industry often need to take action.

On the one hand, there is a lack of exactly these guidelines and, on the other, a lack of the necessary expertise and resources to establish them and to implement them in practice efficiently with a focus on aligned communication.

With our specialized range of services in supplier evaluation and selection, we support you in the evaluation and selection of suppliers. In doing so, we contribute our expertise for adequate evaluation to existing processes and at the same time strive to provide detailed, needs-based catalogues of questions for evaluation and selection. In parallel, we promote the development of the necessary knowledge on the side of the client.

Our objective is to simplify the supplier evaluation and selection process – also with regard to service interface agreements, such as the Cybersecurity Interface Agreement – and to promote the transparent handling of expectations and responsibilities in order to bring the selection process to a higher maturity level.

How do your suppliers take cybersecurity requirements into account? And, almost more importantly, to what extent are you capable of assessing this properly?

These are questions that require special attention in the automotive and vehicle development sector. With our cybersecurity supplier management services, we support you when it comes to systematically tackling a lack of insight, verifiability and control in cybersecurity matters on the side of involved suppliers and contractors.

We provide support in the expert assessment of cybersecurity capabilities: What is the state of cybersecurity practices, policies, actual performance and overall maturity along market standard practices? Here we provide support in supplier management (Cybersecurity interface agreement, SLAs, etc.), dealing with cybersecurity requirements as well as operationally in questions of (real-time) monitoring with the help of advanced tools and solutions.

The aim is to ensure consistent consideration and efficient expectation management of cybersecurity requirements in supplier management, even in complex collaborations and supply chains, in order to guarantee effective security practices along the entire value chain in the long term.

The proper execution of cybersecurity assessments requires a high degree of distance and objectivity in order to ensure that cybersecurity-relevant practices, guidelines, processes and structures are analysed in an unbiased manner.

There is often a lack of appropriate structures/functions and the necessary methodological toolbox within the organization itself – both on the side of the auditing entity and the audited entity – in order to be able to carry out the assessment work correctly and holistically.

With our range of services for conducting cybersecurity assessments in the automotive and vehicle industry, we offer you the expertise (including a high level of understanding of regulatory cybersecurity compliance requirements) as well as reliable experience from international cybersecurity assessment projects in the multifaceted industry.

As a result, you benefit from objectivity to conduct an independent assessment that provides truly meaningful compliance/non-compliance evaluations. At the same time, with our in-depth cybersecurity and automotive expertise, we know how to implement the assessment with the functions involved on an eye-to-eye basis.

The aim of our range of services is to provide you with the full service of a cybersecurity assessment in line with your needs and still characterized by the highest professional standards.

In the traditionally quality-conscious automotive industry, assessments, especially in the area of cybersecurity procedures, are always of major importance.

It is essential to counteract the risks of possible contractual penalties, loss of time and loss of business in advance as effectively as possible – by preparing professionally for upcoming cybersecurity assessments. This requires available capacities and the necessary knowledge of the assessment procedure and related requirements.

Thanks to our in-depth technical expertise, both in terms of the methodological approach (institutional and client-side) and the content of cybersecurity topics, we act as a valued point of contact for situation-specific support.

We make reliable statements and offer you assessment preparation services that you can count on. By commissioning our consulting units, you benefit from a wealth of experience in standard market practices in the field of assessment, evaluation and analysis in cybersecurity assessments, as well as established best practices in the identification and elimination of potential deficits with the help of pragmatic solutions. This enables you to be optimally prepared for upcoming cybersecurity assessments – parallel to your core business.

Current development projects in the vehicle and automotive industry are presenting OEMs and involved suppliers equally with the challenge of ensuring the implementation of cybersecurity measures efficiently and in line with given customer and regulatory requirements. This involves adapting procedures along the entire product life cycle in order to seamlessly integrate cybersecurity into existing development process landscapes. At the same time, it is important to find the right solutions for numerous operational issues in the development of cybersecurity: from service interface agreements between OEM/Tier-n over V&V and testing strategies to Software stack configuration, cybersecurity assessments and more.

Based on years of experience, the consulting units of CYRES Consulting are considered as highly appreciated experts worldwide when it comes to finding tailored cybersecurity engineering solutions for complex development projects. Whether as a “full takeover” with responsibility for the execution of the entire cybersecurity engineering activities or as an interim cybersecurity manager, we can always provide needs-based support that is required for successful cybersecurity implementation – right up to very specific enablement or operational support for the implementation of cybersecurity controls, holistic elaborations using the threat analysis and risk assessment (TARA) method, and more.

Functional safety

Functional Safety & ISO 26262: Services for safety-compliant development

The domain of functional safety and the consistent and efficiency-oriented application of ISO 26262 are among the basics of modern automotive and vehicle development work today. Especially in increasingly complex development projects, the effective and holistically interlinked consideration of functional safety plays a key role.

Accordingly, the elaboration of functional safety is becoming an essential qualitative criteria in development projects and should always receive the highest attention, also with regard to compliance and customer requirements.

With our extensive expertise and international teams in operational elaboration, we provide you with comprehensive support in the organization-specific management of functional safet requirements – in the project, at the organizational level, in process definition and improvement, as well as in assessments and audits.

At the same time, we can provide hands-on, on-demand services to support your functional safety projects, both in specific functional safety engineering and in steering management.

With our extensive experience in functional safety, CYRES consulting can offer end-to-end services, defining, integrating, and tailoring bespoke processes thus achieving ISO 26262 compliance. FuSa Handbook, guidelines, templates, and checklists are all part of the service, ensuring that tasks are executed in an organized and structured manner.

Additionally, we offer comprehensive audits to analyze the implementation status within the company and provide customized findings and feedback to achieve compliance with the ISO 26262 and Automotive SPICE standards.

Our team is highly experienced in all aspects of functional safety, ranging from concept phase involving creation of item definition, HARA, functional safety concept, technical safety concept, to managing system, hardware and software engineering teams to achieve functional safety for a range of products.

We offer confirmation measure solutions through our I3 level independent experts. Our well established and proven in use functional safety working model enables us to fully cover the required confirmation measures from the Table 1 of the ISO 26262-2.

Our team performs gap analyses to analyze the status-quo and check if the project followed all the steps outlined in the standard and possibilities of tailoring. Further, we offer support for project level FuSa assessments by detailed evaluation of the Work Products, evidences for the independence achieved, and other recommendations derived from the ISO 26262 standard.

Software Update Management System

Services for Software Update Management System (UN R156) & SW UPDATE ENGINEERING (ISO 24089)

In parallel to the requirements of cybersecurity, the domain of Software Updates and the Software Update Management System (SUMS) is becoming of vital importance for the automotive industry, both for OEMs and for suppliers involved along the entire value chain. A topic with implications for the entire product lifecycle. At present, expertise, best practices and reliable experience from automotive practice are rare.

When it comes to the establishment and implementation of the SUMS (in accordance with UN Regulation No. 156 and ISO 24089), our range of services focuses on providing sustainable support in designing and optimizing systems and processes in such a way that they meet the regulatory requirements for proper software updates and associated security/reliability while ensuring process efficiency.

Our specialized services include initiating dedicated Software Update Management System Gap Analysis, where we examine current processes in detail and identify discrepancies with requirements and derive recommendations for action.

At the same time, we provide support in the design, development and optimization of SUMS processes. This also includes customized competence development measures, training and advanced education offers as well as accompanying support in the preparation and implementation of SUMS assessments and audits.

Benefit from our expertise and skills in automotive SUMS to sustainably increase your organization-specific maturity level in the handling of software updates and align it with regulatory compliance requirements in accordance with UN R156/ISO 24089.

Implementing a Software Update Management System (SUMS) in line with UN Regulation 156 at OEM level requires the right understanding of the urgency, organization-wide impact, as well as breadth and depth of stakeholders, functions and departments to be involved.

With our experience in building compliant software update procedures paired with extensive expertise in the regulatory requirements of UN R156/SUMS and ISO 24089 Road vehicles – Software update engineering, our services in building a SUMS in the vehicle and automotive industry are increasingly in demand.

Based on many years of experience in automotive organizations, our approach is characterized by close cooperation with the client. The objective is to precisely understand client-specific conditions and given specifications. Based on this, we work closely with the client to develop a customized approach that forms the basis for meeting regulatory requirements.

The SUMS implementation then needs to be approached systematically. Before the project begins, we carefully structure the project into specific phases, topics and planned activities, including cost estimates. A common understanding of the project structure and timetables must be ensured, also by involving stakeholders from different departments and coordinating with them in each phase of the software update process.

This information is brought together, detailing the roles and responsibilities associated with the SUMS, to ensure clear accountability and streamlined communication along the procedures required for secure software update engineering and software update management.

Implementing a Software Update Management System (SUMS) (in accordance with UN R156) is not just a task for manufacturers; Tier-n-suppliers are also affected in various ways with their systems and solution approaches.

From specific responsibilities in the software update process to effective communication channels and ways of exchanging information with OEMs – it is important to develop a holistic understanding of the requirements of UN R156 and ISO 24089 on the supplier side and to fulfil the corresponding needs.

Our SUMS implementation services for vehicle and automotive suppliers provide support in this regard. Our approach focuses on working closely with the supplier to understand the processes in interaction with OEMs and at the same time to communicate the principles of the SUMS. The objective is to ensure that all parties involved across all functions understand the requirements resulting from regulations and standards and can effectively orchestrate the organization-specific implementation.

This is achieved through targeted consulting combined with effective training and knowledge transfer. In addition, our services consist of promoting the establishment of direct and effective communication channels between suppliers and OEMs in order to optimise the implementation of software updates. This enables the necessary level of compliance to be created while at the same time benefiting from best practices in the industry.

What is your current maturity level with regard to the requirements of the Software Update Management System (SUMS) in line with UN R156? Software updates are meanwhile common practice in the automotive and vehicle industry – but to what extent does the regulatory framework (and related standard, ISO 24089) have an impact on this? Interpreting the conditions and requirements is becoming a challenge for organizations.

Our SUMS potential gap analysis services help you to analyze your organization-specific status quo – both as an OEM and in the role of a Tier-n supplier. As UN R156 and its interpretation are applicable to OEMs, suppliers in particular are faced with the complex task of correctly identifying and implementing the specific requirements placed on them.

With our gap analysis services regarding the potential in the area of SUMS, we offer you the necessary expertise and resources to carry out a systematic analysis. We analyze existing processes, structures and procedures in a targeted manner, identify potential weaknesses and indicate future compliance gaps.

At the same time, we help you to develop practical solutions: Based on our expertise in comparable projects in the automotive industry, we help you to set up tailor-made solutions to address the exact requirements of your organization.

Our aim is not only to identify the gaps to full compliance with SUMS (along UN R156) and requirements of Software Update engineering (ISO24089), but also to provide you with reliable recommendations for efficiently eliminating the organization-specific gaps.

Is your organization (OEM/Tier-n) already at a certain level of maturity when it comes to preparing, setting up and effectively implementing the Software Update Management System and correct ways of Software Update engineering (along UN R156, respectively ISO24089)?

Then the systematic analysis of the status quo with a view to the level of compliance that needs to be achieved is the last critical step. This is precisely where our gap analysis compliance SUMS services come in. The offer is targeted at organizations that have already raised their structures and processes to an appropriate level with intensive preparatory work and are now faced with the question of the extent to which they already fully achieve the required regulatory compliance level.

This requires in-depth specialist knowledge of UN R156/ISO24089 in combination with reliable expertise from comparable assignments in practice (both on the OEM and Tier-n side).

Use our services to systematically uncover possible weaknesses and compliance risks in order to be able to initiate granular solution approaches, which will be necessary to close these gaps in a compliant manner.

Our goal is to provide you with a dedicated resource with our expertise to support you on the final steps to full compliance with the requirements of UN R156/SUMS and ISO24089.

In the vehicle industry, the implementation of a Software Update Management System (SUMS) in line with UN Regulation No. 156 requires a far-reaching adaptation of existing processes and the establishment of new processes.

Existing processes need to be adapted to the requirements of secure software update procedures. In our field-tested approach for this, we work together with the client to bring together the SUMS requirements with the specific circumstances of the process adaptations on the client side in a centralized manner.

This provides the starting point for tailoring processes together with the customer. It involves a wide range of adjustments, including the roles and responsibilities associated and more.

With our focus on long-term process optimization we improve procedures in update management beyond mere compliance with regulations.

When it comes to properly eliminating gaps and weaknesses identified in a Software Update Management System audit, there is often a lack of in-depth expertise, reliable experience or just a lack of resources to remedy the shortcomings. This is often made more difficult by critical timelines.

With our range of SUMS audit troubleshooting services, we are ready to find and jointly design correct, sustainable processes and procedures for the deficiencies identified – appropriate to the organization and the given general conditions. Based on our field-tested approach in the adaptation of theoretical SUMS requirements to real automotive practice, we offer you expertise paired with hands-on mentality. In this way, processes and procedures can be raised to a level of compliance in a comprehensible manner.

We emphasize the importance of ensuring that all functions, organizational and process structures involved are always clearly linked and referenced to each other, so that responsibilities are clear in the area of software update management. This clarity enables small and medium-sized organizations in particular to find the answers they need and to deploy their resources in such a way that they can find the right solutions when it comes to a SUMS audit.

Our approach to SUMS audit troubleshooting is designed to ensure that organizations not only meet the requirements of the actual audit, but also that their efforts meet the challenges of the SUMS (along UN R156) and Software Update engineering (along ISO 24089) in a sustainable way.

The professional creation of templates, guidelines and checklists for specific work products of ISO 24089:2023 Road Vehicles – Software Update Engineering offers clients a fundamental added value when it comes to achieving standard compliance without unnecessarily overloading existing processes and documentation.

We also provide support in the design of guidelines and user instructions for integration into existing systems and tools in order to master the handling of new templates.

Our approach always aims to handle existing documents and processes with care. This means we carefully check the extent to which existing processes need adaptation to meet SUMS compliance.

With our practice-based templates for ISO 24089, which still allow adequate flexibility for customization, you can ensure that no important detail is overlooked and that you apply the ISO 24089 standard appropriately – without having to fundamentally change your existing working methods.

We support you in the systematic preparation for audits according to UN R156 and ISO 24089 in the Software Update Management System domain. In doing so, we act as a facilitator to bring together existing solution approaches and internal requirements with the methodically adequate implementation of SUMS specifications.

This is supported by the transfer of knowledge and expertise, for example through specialist training/coaching on SUMS (UN R156) and Software Update engineering (ISO 24089) for the most important stakeholders, in order to improve their understanding of the topic and to be able to successfully manage preparations together.

Through workshops and direct communication, we support clients in overcoming organization-specific shortcomings and resource bottlenecks. Based on extensive experience, we have developed a comprehensive guide to compliance with SUMS and Software Update engineering in accordance with ISO 24089, which systematically links all relevant work products and documents and brings together the roles/functions and procedures involved.

This guide serves as a reference for the audit preparation and facilitates the understanding of SUMS and Software Update engineering and thus enables a complete mapping according to the audit requirements at any time.

We provide a wide range of services for the holistic conduct of ISO 24089 audits to enable Tier-n suppliers in the vehicle and automotive industry to perform a neutral review of the application of the standard (in conjunction with UN R156/SUMS).

There is an industry-wide lack of expertise, qualifications, skills and experience in the field of Software Update Management (SUMS) and Software Update engineering in order to be able to carry out comprehensive audits in the area of compliant software update management processes.

At the same time, it is important to analyse and properly evaluate the organization-specific processes and implemented solutions in relation to SUMS and the application of ISO 24089 from a neutral perspective. This is where we offer you needs-based support to strengthen competencies, for example also with dedicated training courses and workshops on the topic.

By involving external cooperation partners who are even more specialized in the auditing of ISO 24089, we can offer you an overall, well-rounded service. With our support, companies not only receive the necessary specialist knowledge and skills to carry out ISO 24089-compliant audits, but also benefit from our interconnected expertise in the neighbouring and involved domains of functional safety, cybersecurity and information security (among others).

The objective of our customized services is to enable Tier-n suppliers to successfully master the challenges of ISO 24089-compliant auditing and at the same time create a deeper understanding of the requirements of the SUMS.


Expert support for automotive development: Systems Engineering, ASPICE and more

With our range of services as “Interim System Lead”, we act as your on-demand systems engineering experts in ongoing development projects. Especially in vehicle and automotive product and system development, the needs-based provision of systems engineering expertise is a key success factor for efficient project progress.

With our interim offer, which we deliver as a comprehensive consultancy service, you can bring dedicated specialists on board as required in a lean, customized setting. With us at your side, you can also just get started with laying the foundations for introducing the systems engineering methodology into your development structures.

In addition to our approach of using lean planning to create tangible added value along the customer-specific requirements in the interlinked value chain, we also create a framework for harmonizing development procedures with sales-relevant certification requirements.

Special added value for clients in the vehicle development industry: We have recently been entrusted with numerous product developments (at various Tier n level in cooperation with leading OEMs) in the areas of advanced (sensor) technologies for autonomous driving as part of our international consulting mandates.

You will benefit from our systems engineering experts’ and consulting teams’ extensive practical experience when it comes to complex systems engineering tasks (which also have to pay particular attention to safety and security).The objective of our offer is not only to provide temporary management of systems engineering activities to mitigate temporary resource bottlenecks in ongoing project developments with targeted systems engineering expertise in the best possible way, but also to raise your systems engineering in general to a higher level.

Sometimes things move faster than you might originally think in the multi-faceted business relationships within automotive and vehicle development. Accordingly, organizations and teams are often faced with specific problems at short notice with regard to budget restrictions and inadequate resource planning when it comes to necessary systems engineering work or associated measures and activities.

At the same time, development projects are complex and different domains and disciplines need to be brought together in the most effective way. With our systems engineering “full package service”, we offer you comprehensive solutions to support your systems engineering activities in the best possible holistic way, including concrete contribution by our specialists.

In addition to our know-how at system level, you can also benefit from our domain expertise in the areas of safety/functional safety and security/cybersecurity, in line with ISO 26262 respectively ISO/SAE 21434. This generally creates particular added value in order to ensure a systematic combination of disciplines within project development and for systems engineering procedures.

Benefit from our expertise to receive professional support in all aspects of system architecture, requirements engineering and system planning. At the same time, we always strive to lay the foundations for effective systems engineering practices and processes. The objective of our offer is to provide you with a uniform full service in systems engineering that will maximize the benefits of your development project.

The correct handling of requirements management, respectively requirements engineering, is a recurring challenge for organizations in their systems engineering work, for example when it comes to the precise definition of system requirements or the holistic understanding of system abstraction levels or incompatibilities between requirements and verifications.

Particularly in the multi-layered development projects of the automotive and vehicle industry, which often involve collaboration across organizational boundaries, a systematic approach is required. This is precisely where we support you with our systems engineering services in requirements engineering. Our particular advantage: with the extensive expertise of our international consulting units, both in platform and application projects, and far-reaching insights into various OEM and tier-n supplier projects, we are able to offer reliable support for challenging requirements engineering tasks.

Along with a deep understanding of your project needs, we are able to correctly and thoughtfully set up the handling of system requirements and verification requirements. The objective of our range of services is to provide you with the best possible and efficient support in the important domain of requirements engineering in order to be able to achieve successful developments despite increasing complexity.

In many development projects in the automotive and vehicle industry, the layout architecture of the (E/E) component to be developed is often incorrectly used as the basis for development – a holistic Systems Modeling Language (SysML) or Model-Based System Engineering approach is not applied. This approach more or less regards the methodically correct procedures and system architectures of systems engineering primarily only as part of the documentation obligations, but less as a value-adding practice in the development process.

However, a correctly set up system architecture in systems engineering – initiated holistically and at an early stage – can lead to extremely far-reaching increases in efficiency, minimization of risks and fewer resource problems during product development. It is precisely this establishment of a precise and comprehensible system architecture that we support with our systems engineering services for system architecture.

We not only have methodical know-how in the SysML/MBSE domain, but also support the development of a needs-based system architecture with an expert understanding of the requirements in order to deliver significant added value for practical development work.

The objective is to set up a comprehensible system architecture with clear system structures and relationships as a catalyst for efficient systems engineering work.

In the field of systems engineering in vehicle and automotive development, special attention should always be paid to the selection of the right tools. Making the right choice means taking a close look at requirements and given general conditions in development, as well as considering future optimization targets for effectiveness and greater efficiency in development processes.

As an organization, it is advisable to bring the necessary expertise in systems engineering tool support on board at an early stage. With our Systems Engineering Tool Support services, we support you in setting up and configuring the required systems engineering tools, from requirements engineering/requirements management through the entire architecture modeling up to the full range of application lifecycle management (AML).

We offer you specific support for the kick-off, for example in setting up requirements management tools and solutions such as CodeBeamer, DOORS, JAMA or Polarion. This ensures that you can get your requirements management up and running seamlessly and efficiently right from the start.

We also offer you support in setting up and configuring solutions for your architecture models, for example with Enterprise Architect or Cameo, in order to model your system architecture in the best possible tool-based way.

We are also happy to support you in the implementation of application lifecycle management tools. Our focus here is on clean interfaces between the tools and supporting your users and teams with custom user coaching and training. The objective of our systems engineering tool services is not only to support you in selecting and implementing the right tools, but also to ensure that these tools can make a sustainable contribution to maximizing project performance and efficient systems engineering processes.

We support you in the holistic and successful introduction of systems engineering practices in development projects for the automotive and vehicle industry.

Our systems engineering experts and consultants not only bring application-based know-how in the domain of systems engineering, but also have in-depth knowledge of what is required to enable organizations in systems engineering as a result of numerous systems engineering projects. Starting with the lack of definition of processes, areas of responsibility and activities, through inconsistencies in the handling of work product dependencies, requirements (etc.) to the very specific lack of expert systems engineers.

With our interdisciplinary expertise (interlinked between the domains of system, cybersecurity and functional safety), we are able to offer a wide range of guidance in development that also integrates the understanding and practical application of ASPICE-compliant processes.

At the same time, it is possible to incorporate templates and pre-defined work materials, which provide added value both for the actual development work and for the consideration of compliance with industry standards. The aim of our range of services is to provide you with expertise and tangible support to enable your systems engineering to work properly as early as possible in the development process.

Based on the fact that the systems engineering approach is used in many organizations in the automotive and vehicle industry first and foremost in order to be able to demonstrate this in corresponding assessments, the consequence is frequently that the associated processes in practice are not at the maturity level that enables genuinely efficient systems engineering practices.

With our services in setting up, defining and optimizing holistic systems engineering processes, we address precisely these deficits in order to improve the entire systems engineering-based product development process together with you.

Our approach is practice-oriented: Based on our broad experience in applied systems engineering processes and development projects in the automotive industry, we know how to include relevant aspects and thus establish solid, effective and efficient SE processes. The objective of this process optimization is to work with you to set up needs-based processes as guidelines for your systems engineering work.

In automotive and vehicle development, many responsible individuals, teams and even entire organizations often make mistakes when it comes to their self-perception of the maturity level and quality of their processes. These misjudgements can have far-reaching consequences and cascade into tangible problems.

Especially when it comes to assessing the extent to which the requirements of the Automotive SPICE standard/process model are already correctly fulfilled. Our experience shows that a gap analysis regularly reveals far greater deficits than previously assumed. It seems that no further adaptation measures are required, but the exact opposite is frequently the case. With our service offering of systematic ASPICE gap analysis and associated consulting, we provide you with the opportunity to carry out a far-reaching evaluation of your processes from an objective external perspective in order to uncover possible deficits and weaknesses in relation to the actual ideas of the process model in a dedicated manner.

This gives you the opportunity not only to carry out an assessment based on our in-depth experience in applied ASPICE practice, but also to receive reliable recommendations for improvement regarding identified gaps and weaknesses in your processes.

In conjunction with our other consulting services relating to successful ASPICE implementation, you can lay the foundation for raising your process quality and how processes are implemented in practice to a higher level. The objective of our ASPICE gap analysis is to show you possible weaknesses in processes that you might not otherwise have discovered without an experienced external perspective.

As with any adjustment to organizational structures and processes, working with the ASPICE process model is also a change project. From our experience, we know that clients often know what needs to be done, but the successful implementation of changes at project level or within the organization is still not successful. There are many different reasons for this.

Simultaneously, ASPICE is often only considered a necessity to fulfil the requirements of OEMs and not a tool that can actually improve processes and activities for everyone in the team. This is where our ASPICE coaching services come in. We provide targeted training, coaching and expertise to not only lead but also actively encourage change and improvement. The objective is to help team members to understand and adopt the defined processes and live them in their daily project work.

Through our ASPICE coaching services, teams recognize the added value of ASPICE not only as a fulfilment of external requirements, but also as an opportunity to optimize their working methods.

With our associated services, we focus on practical support and create awareness of the positive effects of ensuring effective process design. In this way, we transform the perception of ASPICE from a compulsory exercise to a central element of project development and improvement. Our approach enables teams to see process improvement as an integral part of their work and to integrate it sustainably into their project routines.

It is often difficult for the project team members involved in the depth of the project to detach themselves from their specific role and function within the respective development project in order to maintain a full overview of the project, which can often lead to a loss of general clarity within the organization.

With our ASPICE process modelling services, we offer you an external support function to identify relevant interactions within the project and with other departments to ensure appropriate communication and efficient workflows along the ASPICE model.

Thanks to our own in-house expertise in various domains and in exchange with technical experts, for example in the areas of cybersecurity, functional safety and systems engineering, we integrate specialist know-how in order to be able to approach the holistically correct consideration and modelling of processes.

The objective of holistic ASPICE process modelling is to increase transparency and understanding of the entire project through a clear representation of the process landscape. In this way, we help teams to better understand their role in the context of the overall project and promote effective collaboration across departmental boundaries.

This approach not only enables you to improve project coordination, but also helps to increase the quality and conformity of project results in line with ASPICE standards. With our expertise in ASPICE process modelling, you lay the foundation for successful projects and sustainable process improvement.

In the resource-strained development environment of automotive and vehicle engineering, it is important to always produce only the materials and documentation that is really required and do so as efficiently as possible. In an environment in which clients urgently need to avoid unnecessary work and at the same time have to cope with an extreme shortage of resources, our service offers a needs-based solution: the development of high-quality ASPICE templates.

Especially when times are stressful, for example due to intensive ongoing projects and tackling OEM requirements. We understand the typical customer challenges and offer an approach designed to minimize the documentation effort while ensuring the required ASPICE compliance.

Our approach is to develop proper and customizable templates that are specifically tailored to the customer’s needs as well as to the specifications related to the ASPICE modalities. These templates serve to simplify and speed up the creation of documentation by providing a clear structure and guidelines that can be directly integrated into the development process. By taking over the development of these templates, we enable you to focus on core competences while effectively fulfilling the requirements of ASPICE and OEMs.

Benefit from our needs-based services if your organization is faced with the challenge of creating and properly reviewing ASPICE-compliant process documentation under high time pressure and with limited resources. The correct quality assurance of these documents is crucial in the complex business relationships of the automotive and vehicle industry in order to fulfil OEM requirements and ensure efficient development processes.

Our services include a precise review of your ASPICE process documents by a team of experts with extensive expertise in cybersecurity and ASPICE processes in theory and practice. We utilize existing know-how and experience from comparable projects in the tier-n environment to ensure high quality and adequate depth of content in the process documents.

Our approach includes identifying and closing gaps in the documentation, improving comprehensibility and adapting to additional requirements if necessary. This service aims to make the process documentation not only ASPICE-compliant, but also practical and directly applicable in order to meet the requirements of OEMs and increase the efficiency of internal development processes.

All too often in development projects that deal with the integration of cybersecurity, the ASPICE process model is considered as a separate topic and is not taken into account. Nevertheless, ASPICE for Cybersecurity has meanwhile become a process model that can provide support for the adequate consideration of cybersecurity in vehicle-specific development work.

With our consulting services around ASPICE for Cybersecurity, which focus specifically on the proper establishment of the process model, we offer our clients an extremely beneficial added value, which is the result of our extensive expertise in the field of operational implementation and strategic guidance for the consideration of cybersecurity in development projects on the one hand, and in-depth knowledge of ASPICE processes and their transfer into practice on the other.

In this way, we offer practice-orientated support to seamlessly bring ASPICE processes and cybersecurity projects together, not least to create clarity about assessor expectations and to act effectively in continuous requirements management.

Development projects in the automotive and vehicle industry require not only the early consideration of security and safety, but also the overall systematic and process-efficient organization of the actual development work. In order to achieve the best possible quality with the lowest possible risk and cost efficiency throughout the entire lifecycle, organizations need to create the necessary structures and processes and apply them properly in practice.

Our services in the field of holistic systems engineering and process optimization based on the ASPICE process model support you in doing exactly this.

In the field of systems engineering, we support you both conceptually and operationally in the needs-based development of a systems engineering approach that works in your organization. You can also rely on reliable statements based on our countless practical projects in the industry when it comes to specific questions, such as tool selection or system architecture modeling.

Benefit also from our expertise to increase your level of maturity in the application of ASPICE or ASPICE for Cybersecurity in practice together with us. Starting with a gap analysis, through process modeling and working with templates, to ASPICE coaching or dedicated document and process reviews.

Please send us your non-binding inquiry here

    I'm interested in the following consulting services:

    Please do not hesitate to contact us for an individual review of our service portfolio in the light of your organizational or project-specific requirements. We are pleased to present our services in the practices Cybersecurity (Organizational and Project Level), Functional Safety, SUMS and Systems Engineering/ASPICE as well as the additional offers of CYRES Consulting in detail.

    By providing us with more specific information about your project setting (as an OEM or tier-n supplier) right from the start, we can help you quickly to deliver the answers you need during your selection process.

    Please note: The services presented by CYRES Consulting are initially a non-binding offer. Please use the form on the left for your initial non-binding inquiry. In the subsequent dialogue, we will present the scope of our services to you in detail and clarify all organizational framework conditions with you (incl. NDA, if required).


    Error: Contact form not found.


    Essential Guide

    The Essential Guide to ISO/SAE 21434

    How to manage the challenges of the new automotive cybersecurity standards and regulations

    Essential Guide

    The Essential Guide to ISO/SAE 21434

    How to manage the challenges of the new automotive cybersecurity standards and regulations