The Cybersecurity Act establishes the cybersecurity certification framework for products and services. The Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business within the EU will benefit from having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union. The Cybersecurity Act itself is a framework, providing guidelines and information for the subordinate but more detailed work of standardization organizations. Thanks to the legislator, this framework provides harmonized standards for the market.
The Cybersecurity Act in itself doesn’t formulate any requirement directly to the market. A major cybersecurity challenge has been introduced to the automotive industry by the UNECE WP29 regulation. It is a preventive action against significant cybersecurity risks. Hackers seek to access electronic systems and data, threatening vehicle safety and consumer privacy. WP29 introduces two new UN Regulations on Cybersecurity and Software Update, which entered into force in January 2021 and require four distinct disciplines to be implemented:
– Managing vehicle cyber risks
– Securing vehicles by design to mitigate risks along the value chain
– Detecting and responding to security incidents across vehicle fleet
– Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to onboard vehicle software
The objective of UN regulations no. 155 and no. 156 is to regulate cybersecurity for automotive players, introduced by the legislation: EU 2019/2144
– R155: Formation and operation of Cybersecurity Management System (CSMS) at organizational level
– R156: Formation and operation of Software Update Management System (SUMS) at organizational level
It is the responsibility of car manufacturers to comply with legal requirements and ensure the cybersecurity of their complete supply chain. The regulations are effective in the EU from 6 July 2022 for new types and from July 2024 for all newly manufactured vehicles. (Japan and South Korea follow a similar timeline.)
This applies to passenger cars, vans, trucks and buses: categories M and N; category O if fitted with at least one ECU; and categories L6 and L7 if equipped with automated driving functionalities from level 3 onwards.
Automotive cyber security is a challenge for car manufacturers. Every additional communication interface and component can be a potential vulnerability for cybercriminals. The possibilities for manipulation are growing rapidly, especially for self-driving vehicles or electronically controlled driving and braking functions.
The UN has created two new regulations to define a basic framework for vehicle cybersecurity. These include the UNECE Cybersecurity (UN R 155) Regulation, which makes direct reference to the new ISO/SAE 21434 standard, and the UNECE Software Update (UN R 156) Regulation. The requirements for new vehicle types in the EU came into force in July 2022. The automotive industry is therefore facing serious challenges.
While the international standard ISO 27001 is a general approach to information security, the term automotive cybersecurity refers to the security of digital systems in the automotive industry. Our vehicles increasingly rely on networked electronic systems and software applications. As a result, the protection and security of these components is becoming increasingly important – across the industry. This process starts with vehicle manufacturers, then involves suppliers and engineering service providers, and includes software and ICT infrastructure providers. The United Nations has introduced two new regulations for manufacturers and their suppliers to ensure IT security in the automotive industry.
ISO/SAE 21434 is a detailed list of requirements built into a standard in order to comply with the legal requirements of WP29. It describes the specific technical requirements, tasks and work products for the design and operation of the CSMS and the SUMS. 21434 is an independent certification/audit, which requires a quality management system; therefore there are overlaps with ISO 16949 and ISO 9001 compliance. The ISO/SAE 21434 standard covers the following aspects of cybersecurity management:
– Overall | Management of cybersecurity activities
– Project dependent | Design and implementation of cybersecurity activities with responsibilities
– Continuous | Permanent cybersecurity activities (monitoring, vulnerability analysis etc.)
– Risk assessment methods | Risk assessment
– Security by design | Cybersecurity activities during design, development, manufacturing and operation phases
– Distributed | Assure cybersecurity in the supply chain (verification of suppliers)
The regulation implies that ISO/SAE 21434 certified suppliers/component manufacturers are preferred. It is the responsibility of car manufacturers to ensure that they comply with the legal requirements of WP 29. If a component manufacturer/supplier is certified, the car manufacturer can accept the conformity of the supplier and the supplied product, which is an incentive for the supply chain to fulfil the cybersecurity requirements for themselves as well.
ISO/SAE 21434:2021 “Road vehicles – Cybersecurity engineering” provides requirements and guidelines for the automotive industry in the area of vehicle cybersecurity. The standard aims to provide guidance to automotive companies for the assessment, design, development and testing of vehicle cybersecurity.
The process of ISO 21434 certification in a company typically involves the following steps:
The ISO/SAE 21434 standard (ISO/SAE 21434:2021) is not a binding standard, but a recommendation and guidance for automotive companies on vehicle cybersecurity. Automotive suppliers and partners are increasingly expecting companies to comply with cybersecurity standards as they demonstrate a company’s strong commitment to cybersecurity. Cybersecurity is of growing importance in the automotive industry as vehicles become more complex and interconnected and the risk of cyber-attacks increases. Compliance with this standard can provide benefits in terms of safety, reliability, competitiveness and market position.
The GDPR (General Data Protection Regulation) is a data protection regulation introduced by the European Union to regulate the processing and protection of personal data. ISO 27001 is an international standard for information security and privacy in the automotive industry.
The link between these standards is in the area of privacy and security. The GDPR and ISO 27001 aim to ensure data protection, while 21434 focuses specifically on security and privacy measures in the automotive industry. For data stored and processed in vehicles in the automotive industry, both the GDPR and ISO 27001 guidelines are applicable. The 21434 standard helps vehicle manufacturers and suppliers to ensure that vehicles meet stringent data protection and security requirements.
Contact an accredited certification body that you trust. Accreditation always guarantees the competence, independence and international recognition of the conformity assessment body. TAM CERT’s Cybersecurity Certification Body is a product certification body accredited by NAH under NAH-6-0070/2023 and, with regard to the scope of accreditation, NAH is a signatory to the EA MLA in the fields of testing, calibration, proficiency testing, verification, product certification, management system certification, personnel certification and validation.
Contact a certification body you trust. Accreditation is always a guarantee of readiness. TAM CERT is an accredited cybersecurity certification body; our accreditation can be accessed at:
https://nah.gov.hu/admin/staticmedia/Reszletezo_okiratok/RO1-230601-6-0070-IG-11756640_a.pdf.
Hungarian manufacturers and distributors primarily intend to be present in the domestic and EU markets, but global markets also attract many of them. Each market has different technical and legal regulations governing the terms and conditions of distribution and commissioning.
In the EU countries, different compliance procedures have to be followed, depending on the hazards posed by the use of the product. Such procedures range from a manufacturer’s declaration of conformity (CE) to the inspection and certification of the products by third parties.
TAM CERT bases its product certification activities on its accreditations and notifications to assess compliance and to certify products, processes and services. We are Hungary’s EU notified body, under No. NB 2102.
The certifications issued by us as an independent third party provide a reliable support for manufacturers or distributors active in markets with differing regulations. Involvement of TAM CERT means that the manufacturer’s declarations of conformity will be issued objectively, thus significantly decreasing associated risks, even in cases where such third party certifications are not required by directives.
Professional POC:
Zsolt Soós
E: zsolt.soos@tamcert.hu
P: +36 30 999 9396
The System Certification Division conducts its certification activities based on its own (national) accreditations and the accreditation authorizations of its international partners.
The national accreditation, overseen by the National Accreditation Authority (NAH), extends to certifications according to ISO 9001, ISO 14001, ISO 45001, ISO 50001, ISO 37001, ISO 27001, and ISO/TS 22163 standards. As NAH is a member and signatory of the European Accreditation Cooperation (EA MLA), the certificates issued by NAH-accredited organizations are globally accepted, recognized, and equivalent to certificates issued by other international organizations.
Our main operational principle is to help our partners continuously improve their management efficiency and, indirectly, their competitiveness and market value through the issuance of certificates, while adhering to the highest accreditation requirements and providing high-quality certification services under the motto “Trust is our standard.” We strive to effectively respond to the changing needs of the economic environment and its stakeholders while maintaining professional independence and impartiality.
By continuously developing our professional resources and services, we aim to build and maintain reliable, long-term, and fair partnerships.
Types of system certifications conducted within the scope of our own accreditation:
For companies operating multiple different management systems, an efficient solution is the simultaneous, integrated, or combined certification of these systems. This increases the efficiency of their existing, separate systems, simplifies documentation, and saves time, energy, and costs.
TAM CERT Hungary Ltd., as an independent third-party organization, certifies that the professionals of a company, business, or institution possess the theoretical knowledge, professional experience, and expertise required to perform specific activities.
For companies and institutions operating in the economy, it is crucial to know the qualifications and authorizations their employees have for specific work and services.
In Hungary and the European Union, several national and international regulations, along with industry-specific requirements, define the qualifications expected from personnel working in installation, construction, maintenance, repair, manufacturing, and operation sectors.
TAM CERT Hungary Ltd., as an independent third-party certification body, certifies the knowledge and skills outlined in laws and standards, acting as an accredited, designated, or registered conformity assessment body.
Following the training courses offered by companies or training institutions, TAM CERT Hungary Ltd. issues multilingual certificates upon successful examination. Exams can be conducted either at TAM CERT Hungary Ltd.’s own facilities or at the client’s site, whether in Hungary or abroad, provided that the conditions for the examination are met.
Our key personnel certifications include:
For more information regarding personnel certification, please feel free to contact our experts.
Information about welder certifications issued by TAM CERT after October 3, 2019, and certified with qualified electronic authentication, can also be directly queried through our E-CERT certification verification service on our website.
The use and possession of energy has always been of decisive importance in the history of mankind, and it is of particular importance today. Safe energy production and transportation, which can satisfy current consumer needs in terms of both quantity and quality, is a key factor in the sustainable development of our society. In addition to the needs of households, electricity is an integral part of telecommunications, education, healthcare and transport, and it is essential for the operation of banking and other financial systems and of public administration.
The activities of our business line cover both conventional and nuclear power generation equipment. The security of energy production has two closely related aspects. It means, on the one hand, security of supply and, on the other, technical security, which is, of course, further linked to the security of the environment and society, including the population.
Development is intensive, and the various forms of renewable energy production are particularly spectacular. Today the basic criteria of our decisions and investments are the way and extent of energy use and the conscious choice of the origin of energy.
When examining the subject of energy, we must not forget about oil installations either. The basic need for land, water, and air transport is to have, store, and transport fuel of the right quality to the place of use.
For organizations that produce, convert and deliver energy to the place of use, we provide:
The development of the elements, control technology and management of energy systems, together with digitization and networking, requires engineers to provide technical solutions that, in addition to providing traditional security elements, also control the vulnerability associated with increasing complexity. The employees of TAM CERT Magyarország Kft. explore, analyze and/or certify the conformity and effectiveness of these physical, human, system and cyber risks.
We provide security in terms of technology and security of supply throughout the entire chain of energy production, energy investments, and consumption of the energy produced.
If you have questions related to the services of TAM CERT MAGYARORSZÁG Kft., please contact us with confidence; we are also available for further professional questions.
“Citius, Altius, Fortius” – Faster, higher, stronger!
Baron Coubertin’s thoughts on sport are fully valid for anyone with ambition in economic life, and for their enterprise too.
Technological convergence and increasingly complex production processes, together with the ever-increasing investment value connected with them, meet the demands of authorities, lenders and surrounding communities regarding risk handling.
At this intersection appears the concept of technical surveillance, which makes the judgement of running processes objective for investors, contractors and suppliers as well as for other stakeholders.
This is a function that carries responsibility, and TAM CERT must also possess several elements of preparedness when it practises technical surveillance.
Large investments, whether in oil and gas, energy, the chemical industry, machine manufacturing or the car industry, are typically implemented and constructed on a project basis. In these complex undertakings a large number of suppliers are present, which have to perform at the same time while remaining within the same budget. Quality management and independent surveillance of the projects clearly mean value assurance and investment protection, including the elements of the project’s management logic, conformity with the relevant prescriptions, directives and engineering norms, and the detection and prevention of risks.
As a notified organization in the fields of PED, SPV and CPR in the European countries, we possess accepted competences in addition to our domestic accreditations and assignments. It is clear to a TAM CERT NoBo expert that the payback and economy of ever more expensive investments are as important as the judgement and control of the risks of dangerous and critical production and conversion processes.
We can also apply the experience gained in this field to surveillance jobs where we do not act under our assignments.
Please entrust the technical surveillance of your projects to our company; our assumption of responsibility will pay off immediately and safely for all our clients.
TAM CERT Magyarország Vizsgáló és Tanúsító Kft. has been selected and qualified as Europrivacy™® official partner by the European Centre for Certification and Privacy. We support and prepare our clients for certifying the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR), in order to: