ESCRYPT CSMS audit

Since July 2022, new regulations are compulsory for all new vehicle types, and for all new vehicles manufactured from July 2024. ETAS helps manufacturers and suppliers to make their organization fit for the new cybersecurity requirements.

Is your organization ready for the new cybersecurity requirements?

Due to the limited time until enforcement of the new UN Regulation 155, it is crucial to speed up rollout of a cybersecurity management system (CSMS), reuse existing management systems and processes, to have a transparent view of potential gaps and to follow a prioritized list of improvement steps to ensure successful certification.

ESCRYPT CSMS audit by ETAS provides a fit/gap report including recommendations as well as a roadmap on how to establish a conformant cybersecurity management system in your organization.

Organizational cybersecurity audits are a component of PROOF, the ESCRYPT Product Security Organization Framework by ETAS. PROOF is a proven approach to guide manufacturers and suppliers from the first readiness check to the commissioning and operation of a CSMS.

Start today to ensure your organization is on the right track to meet the cybersecurity challenges of the future.

Towards conformity and strategic cybersecurity

Actionable insights

From initial planning and intermediate management reviews to supplier audits and internal certification pre-audits, ETAS' audit reports provide actionable insights in all phases of your CSMS program: Aggregated ratings per management domain, detailed evaluation per individual requirement, and qualification of improvement measures.

Tailored to your needs

ESCRYPT CSMS audit by ETAS reduces complexity: Its basis is the unified framework PROOF. It integrates relevant legislation, standards and guidelines such as the UN Regulation on cybersecurity and the ISO/SAE DIS 21434. PROOF is steadily maintained, as these frameworks and others from NHTSA, Jaspar, China’s MIIT continue to evolve. The objective: Tailoring the audit to your organization’s specific needs.

Transparent conformity & benchmarks

ESCRYPT CSMS audit enables conformity declarations and industry benchmarks: Our independent auditors follow a proven, standards-driven methodology that is based on many years’ experience in auditing automotive norms (e.g. ISO 26262) and security management systems (e.g. ISO/IEC 27001). We also take recent developments into account such as the upcoming ISO PAS 5112 “Guidelines for auditing cybersecurity engineering” and the VDA QMC’s yellow volume “Automotive Cybersecurity Management System Audit”.

Our proven approach

We begin with a preparatory meeting that familiarizes you and your stakeholders with the audit approach and prepares efficient on-site interviews. Our expert auditors next conduct on-site interviews in order to create a standardized record of evidence for activities and processes in support of the defined audit scope. We share the interview minutes with you and begin an expert analysis. The result is a fit/gap report that enables effective CSMS program steering. We typically conclude the audit service by hosting an on-site planning/review workshop to explain the main findings and translate the reports recommendation into an actionable, prioritized roadmap.