With increasing software updates, the ISO 24089 is here to help in establishing a software update management system (SUMS) and applying software update engineering throughout the vehicles’ lifecycle to enable software quality, cybersecurity, and safety. The newly published standard provides standardization of software updates on a global level. In addition to ISO 24089, UN Regulation No. 156 (as a UNECE-WP.29-regulation) has already established a more uniform approach to the requirements around software updates with the Software Update Management System (SUMS). We provide an overview in the following article.
- I. What is ISO 24089 in summary?
- II. Why is ISO 24089 necessary for the automotive industry?
- III. Is the ISO 24089 already officially released?
- IV. How ISO 24089 and UN Regulation No 156 will standardize software updates
- V. What is the difference between ISO 24089 and UN Regulation No 156?
- VI. What does the ISO 24089 require? [February 2023 update]
- VII. What does ISO 24089:2023 include?
- VIII. Where can the ISO 24089:2023 be purchased?
- IX. Getting ready for ISO 24089
Some decades ago, when the car was purely mechanical, fixing failures or implementing changes or upgrades was only possible at the workshop. Now compare that to today’s vehicles. Nowadays, upgrades can be made via software updates completely remotely and on the fly without a mechanic being involved.
All these capabilities are possible thanks to the increased use of electronic control units, which directly increases the complexity of software in vehicles.
Increased connectivity, in-car services, functionalities, features ways and functionality to distribute software play a role here.
Not surprisingly, in order to increase capabilities and enable upgrades, software updates are often performed. However, for many years software updates had been unregulated, which led to an increased number of bugs and incidents. Luckily, this is set to change with new standards and regulations.
What is ISO 24089 in summary?
The ISO 24089 is considered as state of the art and thus a reference point for software updates in the automotive industry across the globe. For the first time, the standard sets up expectations surrounding software updates documentation. Moreover, the standard defines a unified approach to managing software updates. The stipulated requirements and recommendations apply to vehicles, vehicle systems, electronic component units (ECUs), and the assembly and deployment of software update packages after the initial development. It plays a key role in organizations involved in software update engineering for road vehicles that permit software updates, such as vehicle manufacturers, suppliers in addition to their subsidiaries or partners.
In our brand-new on demand video learning course “ISO 24089” on the CYRES Academy Online Learn Platform we answer the most important questions about ISO 24089. After your registration you can watch the video course.
Why is ISO 24089 necessary for the automotive industry?
Considering a vehicle’s life span is about 10 years or longer, a driving vehicle requires multiple updates over a prolonged period of time to ensure cybersecurity. Compared to previous decades, enhancing vehicle operations, performing maintenances and updates remotely is a great improvement and opportunity.
At a first glance, it seems like an efficient way to add new capabilities, new in-vehicle apps features, and implementing important fixes.
However, while these updates are essential to provide security patches, they also represent a major challenge to the industry.
Just like cars could be hacked before connectivity came around, vehicles today can be hacked via one of the hundred ECUs, vulnerabilities on apps of connected smartphones, communication networks, etc.
Due to increased connectivity, cars are more vulnerable now than ever.
To make matters more complicated in the automotive industry, although there has been some practice to verify software updates during verification and validation at the development stage, there are no officially standardized best practices to verify software updates.
While OEMs might have already methods to confirm software updates, verifying all additional components originally produced by suppliers can get lost along the complex supply chain. Moreover, considering today’s cars have more than a hundred ECUs, verifying secure software updates for every single one of them remains a challenge.
Is the ISO 24089 already officially released?
Since early February 2023, ISO 24089:2023 Road vehicles – Software update engineering is officially published and can already be purchased. The previous version was ISO 24089 in the FDIS version.
How ISO 24089 and UN Regulation No 156 will standardize software updates
We cannot possibly talk about the ISO 24089, without mentioning UN Regulation No. 156. Both the UN Regulation No. 156 and ISO 24089 provide requirements for the standardization of how software updates will be managed while ensuring cybersecurity and safety, which are at the heart of these updates along with the related processes.
The introduction of industry set standard ISO 24089 “Road vehicles – Software update engineering” is set to change the management of software updates and move towards a uniform approach managing requirements.
In parallel, compliance with the UN Regulation No 156 is required by the European Union’s General Safety Regulation (GSR) for a vehicle type approval for all UNECE member countries. The UN Regulation No 156 makes management and documentation of software updates mandatory for vehicles. This will be managed and documented through the certified Software Update Management System (SUMS). The UN Regulation No. 156 describes SUMS as the systematic approach defining organizational processes and procedures to comply with the requirements for the delivery of software updates. These requirements are covering type approval relevant systems and components, as well as safety and continuous operation related functions.
Under the UN Regulation No 156, manufacturers are required to assess and renew certified SUMS at least every three years. Read more about it in our blog UN Regulation No 156: Software Update Management System (SUMS).
What is the difference between ISO 24089 and UN Regulation No 156?
The key major distinction between the two, is that the UN R156 is a regulation while the ISO 24089 is a standard defined by the industry. This means the UN R156 is mandatory for all the vehicles sold in the UNECE member countries while the ISO 24089 provides the state-of-the-art industry practices.
Moreover, the UN R156 covers solely the compliance of OEMs while the ISO 24089 can be applied by the OEM or a supplier in the supply chain. This can be seen by the example of the UN R155 and the ISO/SAE 21434 for cybersecurity, where the UN R155 is applied by OEMs and the standard is required by the OEMs from their suppliers and the sub-suppliers, down the value chain.
The OEMs will require their suppliers to be compliant to the ISO 24089 to demonstrate their compliance to the UN R156.
OEMs, need to also understand that non-compliance to the UN R156 can lead to penalties such as a ban from selling vehicles in approximately 64 UNECE member states. While with non-compliance to the ISO 24089 standard, no penalties are imposed but compliance will support in matters such as, liability cases. Furthermore, the ISO 24089 does not have jurisdictional restrictions as any organization wherever can opt to comply with the standard.
However, it has to be considered that the applicability of a SUMS, is only relevant if the company supports software updates, which can also include replacing hardware.
Another distinction is that the scope of the UN R156 applies to specific categories of vehicles namely M, N, O, R, S and T as defined in the Consolidated Resolution on construction of Vehicles; that permit software updates. ISO 24089 provides a generic scope that covers road vehicles whose software can be updated.
Regarding the product liability law, with the implementation of the ISO 24089 standard it can be proven that the design and implementation of processes is according to the requirements for a proper SUMS, which also supports the proof that the OEM is adhering to the requirements from the UN R156.
However, being compliant to the standard does not automatically mean that a company is compliant to the regulation and vice versa.
It should also be noted that an audit and official certification of the SUMS in accordance with the requirements for UN R156 and the ISO 24089, is being demanded for OEMs.
With the UN R156 regulation, an audit or assessment to determine whether an organization satisfies the requirements is only conducted by the approval authorities or technical services. The SUMS certification follows the same approach as the CSMS certification according to UNR155.
A Technical Service (such as TÜV or DEKRA) performs the audit. An audit report is prepared and handed over to the Approval Authority (e.g. the German Kraftfahrtbundesamt KBA) for approval of the audit.
This way, a Certificate of Compliance (CoC) can be issued by the Approval Authority (after the audit by the Technical Service)
For the ISO 24089, an organization would have to undergo a similar certification process as other ISO standards. This would involve engaging a certification body to perform an assessment and an audit then issue a certificate to show the organization’s SUMS processes are certified.
Just as the certification in accordance with ISO/SAE 21434 occupies organizations, particular developments and individuals working in this field, it can be assumed that the application, respectively the compliance according to ISO 24089 will also be demanded by OEMs in general.
The suppliers might have to support the OEM with documentation or even provision of software updates and this in a managed way.
What does the ISO 24089 require? [February 2023 update]
The ISO 24089 not only provides technical requirements related to software updates and cybersecurity throughout the vehicle lifecycle, but also organizational and procedural requirements for the entire automotive supply chain. In short, it aims to ensure that:
- Vehicle software updates are secure and come from verified sources
- Processes and continuous improvements for software updates are implemented
- Create shared awareness of safety and cybersecurity along the automotive supply chain
Most importantly, as the ISO 24089 describes the technical requirements for SUMS, OEMs and suppliers must further define organizational processes, e.g. by defining how long software updates will be provided over a certain period and by which entity it will be provided.
With the ISO 24089 Road vehicles – Software update engineering, the UN Regulation No 156 has similar requirements as both require secure software update mechanisms.
Therefore, detailed alignment between the requirements of the ISO 24089 and the UN Regulation No 156 will be an important topic. Assessing the manufacturer’s software updates will identify the level of conformity to the UN Regulation No 156 and ISO 24089.
The ISO 24089 and UN Regulation No 156 are like the ISO/SAE 21434 being the standard that supports being adherend to the requirements of the UN Regulation No 155.
In the past, we’ve already served clients in harmonizing these two views and consolidated unified conformity with the standard and the regulation. Just like synchronization and alignment between the ISO/SAE 21434 and UN Regulation No 155 was a challenge that needed to be tackled, this time around won’t be different with the SUMS.
What does ISO 24089:2023 include?
As we dive deeper into the ISO 24089, we get to see the different requirements that are to be applied to organizational processes, software update project processes, software update assembly and software update campaign activities.
These requirements are covered in five major categories namely:
- Organizational level,
- Project level,
- Infrastructure level,
- Vehicle and vehicle systems level,
- Software update package
- and lastly, Software update campaign requirements.
For each of these categories, there are detailed requirements and recommendations outlined on what is expected to be implemented. The standard extends to show what are the anticipated outcomes in form of work products.
Requirements are the organizational level are aimed at ensuring an organization has established governance for software update engineering. Governance determines what are the organization’s responsibilities, compliance to the standards, activities such as continuous improvement, information sharing as well as supporting processes. To provide assurance that the objectives are been met, an audit shall be performed.
These cover project management activities for the software update projects and managing information relating to these projects. The information can include tailoring the projects accompanied with the rationale, interoperability between infrastructure and the vehicle system functions along with preserving the integrity of the software as well as their metadata or update packages.
Infrastructure level requirements take into consideration the functions assigned to the infrastructure for the software update campaigns. These functions include distribution, communication, information storage, and cybersecurity. The requirements at this level aim at managing cybersecurity risks of the infrastructure, managing vehicle configuration information, communicating software update campaign information in addition to process of distributing software update packages.
Vehicle and vehicle system level
The vehicle and vehicle systems level requirements establish the functionality in and for the vehicle or the vehicle systems to support the software update operation. The functionality deals with managing both safety and cybersecurity risks, generating necessary vehicle configuration information, communicating software update campaign information, enabling software update operation, and verifying software update packages alongside with managing failures during software update campaigns.
Software update package
Software update package requirements focus on the assembling of software update packages, verifying and validating the software update package’s contents coupled with identifying the classes of vehicles and vehicle systems to receive the package. Upon verification and validation of the software update package, the package is approved for release.
Software update campaign
In the Software update campaign requirements, software update campaigns are prepared, executed, and completed. Here the requirements further focus on identification of targets of a software update campaign, collection of vehicle configuration information, resolution of targets into recipients, distribution of the software update package and communicating relevant software update campaign information.
Where can the ISO 24089:2023 be purchased?
As of now the document of the standard can be purchased in PDF/Epub format or hard copy on the official website of the International Standard Organization and via the ISO Online Browsing Platform.
Getting ready for ISO 24089
To help meet the above-mentioned requirements holistically, we can also consider other standards such as but not limited to:
- ISO 26262 when tackling safety risks
- ISO/SAE 21434 and ISO/IEC 27000 series for managing cybersecurity risks
- ISO 21448 for safety of the intended functionality (SOTIF)
- ISO 10007 and ISO/IEC/IEEE 15288 for configuration management
- IATF 16949, ISO 9001 and ISO/IEC 25000 for quality management
It can be stated that subjects such as quality management, information security, functional safety, and cybersecurity are closely connected to SUMS and some requirements go hand in hand with each other.
Finally, processes to interact with vehicle users and provide skilled personnel in cases of specific over-the-air updates as well as thorough documentation are necessary to ensure that vehicle software updates are conducted as required.
Now it is a good time for all stakeholders involved to initiate dialogues between OEMs and suppliers to ensure software updates are conform to regulations like the UN Regulation No 156, but also the international standard ISO 24089 as well as other related automotive relevant standards.
Risk must be mitigated during the entire vehicle lifecycles. Our UN R156 learning portfolio can already give you a knowledge boost and overview of current demands for software update management systems
Tobias Pilz is Lead Senior Consultant at CYRES Consulting. His expertise includes the implementation and audit of Information and Cybersecurity Management Systems and Processes as well as Ethical Hacking.
At CYRES Consulting he is involved in different cybersecurity projects and also a member of the DIN NA052-00–32-12 AK Software Update Engineering and thus also of the ISO/TC 22/SC 32/WG 12 „Software Update“ covering the development of the ISO 24089.
Comments are closed.