Skip to content

ENX Vehicle Cybersecurity

Gruppe von Ingenieuren diskutiert über ein Automobilteil in einem technischen Labor.

Cybersecurity in the automotive industry with ENX VCS

As digitalisation and networking in the automotive sector progresses, the risk of cyberattacks is growing. As a result, increased requirements for the cyber security of electrical and electronic (E/E) systems for vehicles are characterising the entire automotive industry supply chain. This development is being driven by the increasing use of digital technologies in vehicle systems, including automated driving and the connectivity of vehicles with the road infrastructure, other vehicles or data centres.

Vehicle Cybersecurity (VCS) is a new audit programme from the ENX Association aimed at cybersecurity in the automotive sector. It aims at standardised audits for Cybersecurity Management Systems (CSMS) and implements ISO/PAS 5112 in the context of ISO/SAE 21434, using the existing and established audit framework of the ENX Association.

Upon successful verification by participating audit providers, such as TÜV NORD, ENX issues a VCS certification on its exchange platform.

Contact us

Target groups for ENX VCS certification

  • Suppliers of hardware and/or software-based components and/or systems
  • Software and ICT infrastructure service providers

The ENX VCS audit programme was primarily designed for automotive suppliers involved in the development, production or maintenance of electrical and electronic systems for road vehicles. UNECE Regulation No. 155 (R 155) requires all automotive manufacturers (OEMs) to provide proof of the successful audit of their cybersecurity management system in the form of a Certificate of Compliance (CoC). Suppliers must provide this proof to the OEMs. OEMs already require their suppliers to provide proof that a cybersecurity management system has been implemented.

We at TÜV NORD CERT have extensive expertise and experience in the field of automotive cybersecurity. Do you have any questions about the audit programme? Then do not hesitate to contact us.

Meeting cybersecurity requirements

With TISAX®, ENX has already established a cross-company assessment and exchange procedure for information security in the automotive industry. The proven processes and experience gained from the TISAX® assessment were integrated into the development of the new VCS audit programme. The award of the ENX VCS certification confirms that the highest cyber security requirements are met. This includes the requirements of standards such as ISO/SAE 21434 and ISO/PAS 5112 as well as the UNECE regulation.

Advantages of ENX VCS certification

  • Fulfilment of the highest cybersecurity requirements to protect vehicles and passengers
  • Fulfilment of the obligation as a supplier to prove its cybersecurity to vehicle manufacturers
  • Relevant cybersecurity test criteria for the automotive industry
  • Sustainable implementation of vehicle cybersecurity (VCS) in deeply integrated supply chains improves safety and reliability in the manufacture and maintenance of products
  • Appropriate risk management and governance across different partners
  • Standardised audit programme: testing and reporting procedures are standardised
  • The comparability and informative value of the results are high
  • Recognised and established processes and procedures of the ENX Association

Audit process for an ENX VCS certification

1

01

Online registration ENX platform

2

02

Selection and commissioning of testing service providers (TÜV NORD)

3

03

Arrangement of appointments with auditors & provision of documentation

4

04

Audit level 1: Focus on documentation review

5

05

Audit stage 2: Focus on processes & interviews with stakeholders

6

06

Management of deviations

7

07

Provision of the label on the ENX platform

ENX Vehicle Cybersecurity (VCS) – audited by TÜV NORD

TÜV NORD is a renowned service provider for a large number of national and international audit and certification programmes. We have been accredited for IATF 16949 and ISO 27001 for many years and are a long-standing audit provider for TISAX®.

Note: TÜV NORD CERT GmbH is authorised by ENX to offer VCS audit services. The brands and trademarks associated with the VCS audit programme or TISAX® and the associated intellectual property belong to ENX.

FAQs about ENX VCS certification

FAQ on testing according to ENX VCS

No. Upon successful verification by participating audit providers, such as TÜV NORD, a VCS certification is issued by ENX Association - the administrator of the VCS audit programme - in its database.

TÜV NORD CERT was involved in the development of the ENX VCS programme from the very beginning and carries out the corresponding audits. Valuable experience gained during the global pilot phase is therefore incorporated into the application of the audit programme.

The prerequisite for an ENX VCS audit is a TISAX label with assessment level 2 or 3.

In principle, UNECE Regulation R 155 applies to all new vehicle types that are developed from July 2022 and produced and placed on the market in the EU from July 2024.

Would you like to learn more about ENX VCS certification? Please feel free to contact us.

ISMS Sales & Projectmanagement

sales.isms@tuev-nord.de
Send Email

Further services for you

Information security management

TISAX®

TISAX® is a cross-company assessment/exchange procedure for information security in the automotive industry
TISAX®