MHP Consulting UK Limited and Bentley Motors have collaborated to establish Cybersecurity and Software Update Management Systems (CSMS & SUMS) for the Bentley landscape, achieving compliance with the UNECE (United Nations Economic Commission for Europe) World Forum for Harmonization of Vehicle Regulations.
Bentley achieved its certification with zero non-conformities for this project, spanning approximately 24 months.
In the age of connected vehicles and increasing cyber threat, it is vital for OEMs to demonstrate they have robust processes and systems in place to protect vehicles and individuals interacting with them.
The UNECE regulations strive to address this issue; as of July 2024, OEMs must adhere to these regulations in order to sell any vehicle and product within its 56 member states.
Notably, the key regulations include R155, which centres on cybersecurity; and R156, which focuses on software updates.
In addition to achieving compliance, OEMs are required to introduce the necessary related supporting management systems across their organisations to maintain compliance.
They must also have them audited by a technical service in order to sell any vehicles in UNECE regions.
Despite the fact that the Bentley CSMS and SUMS were already broadly similar to the UNECE requirements, the manufacturer still had to ensure that it complied with both the R155 and R156 regulations for regulatory and type approvals.
Bentley and MHP embarked on a project that enabled Bentley to achieve compliance, implemented in two key stages.
For phase one, Bentley and MHP Consulting UK engaged with a technical service to enable it to develop the appropriate concepts and processes that would align with the UNECE requirements, reinforcing Bentley’s regulatory compliance.
This resulted in Bentley concentrating on communicating with the external auditors and members of the authorities.
MHP Consulting UK captured the key actions, points and behaviours related to the initiative.
The successful audit preparation consisted of: audit strategy development, with full ‘dress rehearsal; integration of requirements in new and existing processes; adaptation of group-wide policies and processes; high process maturity in consideration of ISO21434; onboarding of CSMS/SUMS relevant IT tools; and high managerial commitment.
As a result, the Certification Audit was achieved with zero non-conformities.
Phase two involved operationalising, executing and running Bentley’s customised CSMS/SUMS management system, the phase one foundation enabled the programme to deliver a successful first Surveillance Audit.
Phase two included: a programme governance structure; a surveillance audit preparation; collecting evidence about the process operationalisation; working in a cross-functional manner with the business; and a demonstration of running CSMS & SUMS relevant IT tools across the business.
The cybersecurity (CS) culture within Bentley was increased, too, through awareness and communication campaigns.
This approach prepared the business for a sustainable integration of CSMS & SUMS deeper into Bentley’s business-as-usual operations.
Chris Cole, product line director for Bentley Motors Ltd, said: “We’re proud of this close collaboration with MHP Consulting UK, and the fact that Bentley has met the cybersecurity legislative requirements set out by the United Nations Economic Commission for Europe.
“Not only have our joint teams achieved certification with zero non-conformities, they have pushed the boundaries of innovation, further entrenching cybersecurity as a cultural imperative into the Bentley brand.
“This is a major achievement for our team and ultimately means that our GT range of vehicles meets the highest cybersecurity and software update management systems.”
Bodo Philipp, CEO for MHP Consulting UK, said: “Achieving UNECE compliance is crucial for an OEM’s market access, and can therefore mean a bottom-line impact of millions, even billions, depending on the brand.
“It is key for OEMs to work with proven experts that can help them to navigate the regulatory landscape successfully – especially as the industry becomes more and more dependent on data, internet access and connected services.
“Our teams have done incredibly successful transformative work together. They’ve led the charge on this initiative, and have set new standards within Bentley – a fantastic achievement. Well done!”
