CSMS Implementation
Full Cybersecurity Management System design and rollout, aligned with ISO/SAE 21434 and fully evidenced for UN Regulation 155 type approval audit by a recognised technical service.
We help OEMs and automotive suppliers design, implement, and sustain Cybersecurity Management Systems that meet ISO/SAE 21434 and UN Regulation 155 type approval requirements.
Find out what we can do for you
End-to-end automotive cybersecurity consulting — from initial gap analysis through certification readiness and beyond.
A rigorous clause-by-clause assessment of your organisation's current cybersecurity posture, delivered with a prioritised, actionable remediation roadmap.
Structured Threat Analysis and Risk Assessment across vehicle items and components — damage scenarios, attack paths, feasibility ratings, and cybersecurity goals documented to standard.
Preparation for UNR 155 type approval: CSMS audit support, evidence packs, technical service briefings, and ongoing compliance monitoring as the regulation evolves.
Tailored workshops for engineering, project management, and executive audiences — covering ISO/SAE 21434 principles, TARA methodology, and secure development lifecycle practices.
Embedding cybersecurity culture and processes across engineering, procurement, and leadership — building internal capability to sustain compliance long after the engagement ends.
The international standard for road vehicle cybersecurity engineering defines requirements across the entire product lifecycle — concept, development, production, operation, and decommissioning. Our consultants have hands-on implementation experience across every clause: cybersecurity governance, distributed development management, TARA, cybersecurity goals, requirements, verification, and validation.
UN Regulation 155, mandated by the UNECE World Forum for Harmonization of Vehicle Regulations (WP29), requires vehicle manufacturers to hold a certified CSMS as a condition of type approval across participating markets. Mandatory in the EU for new vehicle types from July 2022 and for all new vehicles from July 2024, UNR 155 compliance is now a hard commercial requirement for market access. We guide organisations from readiness assessment through successful audit.
ISO/SAE 21434 places explicit requirements on managing cybersecurity across the supply chain. We help OEMs establish supplier cybersecurity requirements, conduct supplier assessments, and ensure that Tier 1 and Tier 2 cybersecurity evidence integrates cleanly into the vehicle-level CSMS — meeting both the standard and the expectations of technical services performing UNR 155 audits.
Our consultants operate as senior, autonomous professionals — embedded within your programme, aligned to your timelines, and capable of driving deliverables without heavy management overhead. We integrate quickly, communicate clearly, and deliver to schedule.
ISO/SAE 21434 is the international standard for road vehicle cybersecurity engineering. It defines requirements for managing cybersecurity risks throughout the full vehicle lifecycle — concept, development, production, operation, and decommissioning. Compliance with ISO/SAE 21434 is the technical basis for achieving UN Regulation 155 type approval.
UN Regulation 155 is a UNECE WP29 regulation requiring vehicle manufacturers to demonstrate a certified Cybersecurity Management System as a condition of type approval. It has been mandatory in the EU for new vehicle types since July 2022 and for all new vehicles since July 2024. Non-compliance blocks market access.
TARA — Threat Analysis and Risk Assessment — is the structured process defined in ISO/SAE 21434 for identifying cybersecurity risks. It covers damage scenarios, threat scenarios, attack paths, attack feasibility ratings, and risk treatment decisions that feed directly into cybersecurity goals and requirements for a vehicle item or component.
Any organisation involved in the development of road vehicles or components subject to UN Regulation 155 type approval must address ISO/SAE 21434. This includes OEMs and their Tier 1 and Tier 2 suppliers who contribute to connected, safety-relevant, or cybersecurity-relevant vehicle systems.
Ready to build a cybersecurity management system that stands up to audit — or need expert support on a specific programme? We would be glad to discuss your situation.
stu@tarago.se