MHP Consulting UK and Bentley Motors have collaborated to establish a robust cybersecurity and software update management system (CSMS & SUMS) for the Bentley landscape, achieving compliance with the United Nations Economic Commission for Europe (UNECE) world forum for harmonization of vehicle regulations (WP.29).
The partnership responds to the growing cybersecurity risks associated with connected vehicles, with OEMs now required to implement robust systems and processes to ensure vehicle and user protection. The UNECE regulations, effective from July 2024, mandate compliance for selling vehicles within its 56 member states. Key among these are Regulation R155, which addresses cybersecurity management, and Regulation R156, which governs software update processes.
In addition to compliance, OEMs are also required to introduce the related supporting management systems necessary to maintain compliance across their organizations. They must also be audited by a technical service to sell any vehicles in the UNECE regions.
Bentley collaborated with MHP Consulting to ensure that it complied with both the R155 and R156 regulations for regulatory and type approvals. Bentley’s initiative was implemented in two key stages.
Phase 1: Cybersecurity & Software Update Management Systems (CSMS & SUMS)
Bentley and MHP Consulting UK engaged with a technical service to develop the appropriate concepts and processes that would align the system with the UNECE requirements. Bentley concentrated on communicating with the external auditors and members of the authorities. MHP Consulting UK captured the key actions, points and behaviors related to the initiative.
The audit preparation consisted of the development of the audit strategy, which acted as a dress rehearsal, the integration of requirements in new and existing processes and their implementation, the adaptation of group-wide policies and processes (e.g. ISO21434 / R155/156) , high process maturity in consideration of ISO21434, onboarding of CSMS/SUMS relevant IT tools and the establishment of high managerial commitment.
Phase 2: Operationalization and execution of Phase 1.
Phase 2 of the project focused on putting the CSMS/SUMS management system into operation, building on the foundation established in Phase 1. Key outcomes of Phase 2 included the establishment of the program governance structure, surveillance audit preparation, evidence-based process implementation, collaboration from across the business and the deployment of CSMS and SUMS-related IT tools.
The use of modern program management tools supported transparency throughout the initiative. The cybersecurity (CS) culture, says Bentley, was enhanced through awareness & communication campaigns (e.g. CS Tech Talks and monthly reports). This approach strategically prepared the business for a sustainable integration of CSMS and SUMS.
Chris Cole, product line director Bentley Motors, said, “We’re proud of this close collaboration with MHP Consulting UK, and the fact that Bentley has met the cybersecurity legislative requirements set out by the United Nations Economic Commission for Europe. Not only have our joint teams achieved certification with zero non-conformities, they have pushed the boundaries of innovation, further entrenching cybersecurity as a cultural imperative into the Bentley brand. This is a major achievement for our team and ultimately means that our GT range of vehicles meets the highest cybersecurity and software update management systems.”
Bodo Philipp, CEO MHP Consulting UK, added, “Achieving UNECE compliance is crucial for an OEM’s market access, and can therefore mean a bottom-line impact of millions, even billions, depending on the brand. It is key for OEMs to work with proven experts that can help them to navigate the regulatory landscape successfully – especially as the industry becomes more and more dependent on data, internet access and connected services.
“Our teams have done incredibly successful transformative work together. They’ve led the charge on this initiative and have set new standards within Bentley – a fantastic achievement. Well done!”