Cybersecurity Audit: Preparation for Implementing CSMS & SUMS Systems

Project Title: Cybersecurity Audit and Preparation for Implementing CSMS & SUMS Systems

Client: BMZ Poland

Industry: Energy & Environment

Expertise: Cybersecurity

Scope of the project: Zero-state audit, preparation for implementing CSMS and SUMS systems 

Tools: ISO 21434:2021, ISO 24089:2023 

A cybersecurity audit and preparation for implementing CSMS & SUMS systems is the process of assessing the compliance of existing procedures with R155 and R156 regulations and ISO standards. Its goal is to identify security gaps and develop an action plan to implement Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS).

ALTEN Polska (formerly Solwit) conducted a zero-state cybersecurity audit for BMZ Poland, a leading European manufacturer of intelligent lithium-ion systems. The project aimed to prepare the organization for the implementation of Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS). 

The expert assessment covered compliance with the R155 and R156 regulations and the ISO 21434 and ISO 24089 standards. These regulations require OEMs to implement comprehensive processes to safeguard against cyber threats.

Task of the ALTEN Polska Team 

BMZ Poland sought ALTEN Polska’s expertise for an external review of their processes to ensure compliance with R155/R156 requirements. The client prioritized identifying areas for improvement and creating an actionable plan for effectively implementing CSMS and SUMS systems. ALTEN Polska’s team was tasked with analyzing existing processes and providing detailed recommendations. 

Project Execution 

The project began with a meticulous planning phase, including establishing a schedule, defining key audit areas, and assigning responsibilities. ALTEN Polska’s three-member expert team consisted of an embedded systems engineer, a security testing consultant, and a quality assurance specialist. 

The process included: 

  • Analyzing organizational and technical documentation related to production and software update processes. 
  • Conducting interviews with stakeholders to identify priorities and specific industry challenges. 
  • Verifying the compliance of existing procedures with R155 and R156 regulations. 

Final Outcome 

Based on the analysis, ALTEN Polska delivered a report outlining the strengths and weaknesses of the cybersecurity management systems. The report included detailed recommendations for aligning processes with ISO 21434 and ISO 24089 standards. 

The document also mapped R155 and R156 regulations to BMZ Poland’s operational profile, enabling the organization to create a step-by-step action plan. With the provided recommendations, the client was able to enhance the security of their systems significantly. 

Summary 

The audit conducted by ALTEN Polska enabled BMZ Poland to prepare effectively for implementing CSMS and SUMS systems. The review not only identified areas requiring improvement but also delivered practical solutions to achieve full compliance with R155 and R156 regulations.