The Cybersecurity Act

The Cybersecurity Act establishes the cybersecurity certification framework for products and services. The Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business within the EU will benefit from having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union. The Cybersecurity Act itself is a framework, providing guidelines and information for the lower-level, though more detailed, work of standardization organizations. Thanks to the legislator, this framework provides harmonized standards for the market.

Automotive Industry

The Cybersecurity Act in itself doesn’t formulate any requirement directly to the market. A major cybersecurity challenge has been introduced to the automotive industry by the UNECE WP29 regulation. It is a preventive action against significant cybersecurity risks. Hackers seek to access electronic systems and data, threatening vehicle safety and consumer privacy. WP29 introduced two new UN Regulations on Cybersecurity and Software Update, which entered into force in January 2021 and require four distinct disciplines to be implemented:

  • Managing vehicle cyber risks
  • Securing vehicles by design to mitigate risks along the value chain
  • Detecting and responding to security incidents across the vehicle fleet
  • Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to onboard vehicle software

The objective of UN regulations no. 155 and no. 156 is to regulate cybersecurity for automotive players, introduced by the legislation EU 2019/2144:

  • R155: Formation and operation of a Cybersecurity Management System (CSMS) at organizational level
  • R156: Formation and operation of a Software Update Management System (SUMS) at organizational level

It is the responsibility of car manufacturers to comply with legal requirements and ensure the cybersecurity of their complete supply chain. The requirements are effective in the EU from 6 July 2022 for new types and from July 2024 for all newly manufactured vehicles. (Japan and South Korea follow a similar timeline.)

This applies to passenger cars, vans, trucks and buses: categories M and N, category O if fitted with at least one ECU, and categories L6 and L7 if equipped with automated driving functionalities from level 3 onwards.

Automotive Cybersecurity

Automotive cyber security is a challenge for car manufacturers. Every additional communication interface and component can be a potential vulnerability for cybercriminals. The possibilities for manipulation are growing rapidly, especially for self-driving vehicles or electronically controlled driving and braking functions. 

The UN has created two new regulations to define a basic framework for vehicle cybersecurity. These include the UNECE Cybersecurity (UN R 155) Regulation, which makes direct reference to the new ISO/SAE 21434 standard, and the UNECE Software Update (UN R 156) Regulation. The requirements for new vehicle types in the EU came into force in July 2022. The automotive industry is therefore facing serious challenges. 

The Importance of Automotive Cybersecurity

While the international standard ISO 27001 is a general approach to information security, the term automotive cybersecurity refers to the security of digital systems in the automotive industry. Our vehicles increasingly rely on networked electronic systems and software applications. As a result, the protection and security of these components is becoming increasingly important – across the industry. This process starts with vehicle manufacturers, then involves suppliers and engineering service providers, and includes software and ICT infrastructure providers. The United Nations has introduced two new regulations for manufacturers and their suppliers to ensure IT security in the automotive industry. 

 

Overview of ISO/SAE 21434

ISO/SAE 21434 is a detailed list of requirements built into a standard in order to comply with the legal requirements of WP29. It describes the specific technical requirements, tasks and work products for the design and operation of the CSMS and the SUMS. 21434 is an independent certification/audit, which requires a quality management system; therefore there are overlaps with ISO 16949 and ISO 9001 compliance. The ISO/SAE 21434 standard covers the following aspects of cybersecurity management:
Overall | Management of cybersecurity activities 
Project dependent | Design and implementation of cybersecurity activities with responsibilities 
Continuous | Permanent cybersecurity activities (monitoring, vulnerability analysis etc.) 
Risk assessment methods | Risk assessment 
Security by design | Cybersecurity activities during design, development, manufacturing and operation phases 
Distributed | Assure cybersecurity in the supply chain (verification of suppliers)

The regulation implies that ISO/SAE 21434 certified suppliers/component manufacturers are preferred. It is the responsibility of car manufacturers to ensure that they comply with the legal requirements of WP 29. If a component manufacturer/supplier is certified, the car manufacturer can accept the conformity of the supplier and the supplied product, which is an incentive for the supply chain to fulfil the cybersecurity requirements for themselves as well.

Certification according to ISO 21434

ISO/SAE 21434:2021 “Road vehicles – Cybersecurity engineering” provides requirements and guidelines for the automotive industry in the area of vehicle cybersecurity. The standard aims to provide guidance to automotive companies for the assessment, design, development and testing of vehicle cybersecurity.


The process of ISO 21434 certification in a company typically involves the following steps: 

  1. Gap Analysis: The company identifies its current cybersecurity practices and processes and compares them to the requirements outlined in ISO 21434. This helps in identifying any gaps that need to be addressed before seeking certification.
  2. Training and Awareness: Employees are provided with training and awareness programs to understand the importance of ISO 21434 and its requirements. This ensures that everyone in the organization is on board with the cybersecurity measures.
  3. Implementation: The company starts implementing the necessary cybersecurity measures and practices as per the ISO 21434 guidelines. This may involve the installation of cybersecurity tools, updating software, and setting up incident response plans.
  4. Documentation: Detailed documentation of all cybersecurity processes and measures is prepared, which will be reviewed during the certification audit.
  5. Internal Audit: The company conducts an internal audit to assess the effectiveness and compliance of its cybersecurity measures with ISO 21434.
  6. Pre-assessment: A pre-assessment is carried out to evaluate the organization’s readiness for the official certification audit. Any issues identified during the pre-assessment are addressed.
  7. Certification Audit: An accredited third-party certification body conducts the official certification audit. The auditor reviews the company’s documentation, processes, and practices to ensure compliance with ISO 21434.
  8. Corrective Actions: If any non-conformities are identified during the audit, the company must take corrective actions to address them.
  9. Certification: If the company meets all the requirements of ISO 21434, it is awarded the certification. The certificate is valid for a certain period and is subject to regular surveillance audits to ensure continued compliance.

What are the benefits for the company?

  1. Enhanced cybersecurity: The certified company ensures a higher level of cybersecurity measures, reducing the risk of cyber-attacks and data breaches.
  2. Compliance with industry standards: The company’s adherence to ISO 21434 demonstrates its commitment to meeting international cybersecurity standards specific to the automotive industry.
  3. Increased customer trust: ISO 21434 certification enhances customer confidence in the company’s products and services, knowing that their data and safety are protected.
  4. Competitive advantage: Being ISO 21434 certified sets the company apart from competitors, giving it a competitive edge in the market.
  5. Access to new business opportunities: Many clients and partners require ISO 21434 certification as a prerequisite for collaboration, opening up new business opportunities for the company.
  6. Better risk management: The certified company is better equipped to identify and mitigate cybersecurity risks, ensuring a more robust risk management framework.
  7. Improved incident response: With ISO 21434 compliance, the company develops efficient incident response plans, reducing the potential impact of cyber incidents.
  8. Cost savings: A strong cybersecurity foundation leads to cost savings by preventing costly cyber incidents and damages.
  9. Industry recognition: ISO 21434 certification is recognized globally, further enhancing the company’s reputation within the automotive industry.
  10. Continual improvement: The certification process encourages ongoing evaluation and improvement of cybersecurity practices, ensuring the company stays at the forefront of cybersecurity advancements.

The ISO/SAE 21434 standard (ISO/SAE 21434:2021) is not a binding standard, but a recommendation and guidance for automotive companies on vehicle cybersecurity. Automotive suppliers and partners are increasingly expecting companies to comply with cybersecurity standards as they demonstrate a company’s strong commitment to cybersecurity. Cybersecurity is of growing importance in the automotive industry as vehicles become more complex and interconnected and the risk of cyber-attacks increases. Compliance with this standard can provide benefits in terms of safety, reliability, competitiveness and market position.

Related services

The GDPR (General Data Protection Regulation) is a data protection regulation introduced by the European Union to regulate the processing and protection of personal data. ISO 27001 is an international standard for information security and privacy in the automotive industry.

The link between these standards is in the area of privacy and security. The GDPR and ISO 27001 aim to ensure data protection, while 21434 focuses specifically on security and privacy measures in the automotive industry. For data stored and processed in vehicles in the automotive industry, both the GDPR and ISO 27001 guidelines are applicable. The 21434 standard helps vehicle manufacturers and suppliers to ensure that vehicles meet stringent data protection and security requirements. 

Contact an accredited certification body that you trust. Accreditation always guarantees the competence, independence and international recognition of the conformity assessment body. TAM CERT’s Cybersecurity Certification Body is a product certification body accredited by NAH under NAH-6-0070/2023 and, with regard to the scope of accreditation, NAH is a signatory to the EA MLA in the fields of testing, calibration, proficiency testing, verification, product certification, management system certification, personnel certification and validation.

Contact a certification body you trust. Accreditation is always a guarantee of readiness. TAM CERT is an accredited cybersecurity certification body; our accreditation can be accessed at:

https://nah.gov.hu/admin/staticmedia/Reszletezo_okiratok/RO1-230601-6-0070-IG-11756640_a.pdf.

Product Certification

Hungarian manufacturers and distributors primarily intend to be present in the domestic and EU markets, but global markets also attract many of them. Each market has different technical and legal regulations to govern the terms and conditions of distribution and commissioning.

In the EU countries, different compliance procedures have to be followed, depending on the hazards posed by the use of the product. Such procedures range between a manufacturer’s declaration of conformity (CE) and the inspection and certification of the products by third parties.

TAM CERT bases its product certification activities on its accreditations and notifications to assess compliance and to certify products, processes and services. We are Hungary’s EU notified body, under No. NB 2102.

The certifications issued by us as an independent third party provide a reliable support for manufacturers or distributors active in markets with differing regulations. Involvement of TAM CERT means that the manufacturer’s declarations of conformity will be issued objectively, thus significantly decreasing associated risks, even in cases where such third party certifications are not required by directives. 

Professional POC: 

Zsolt Soós 
E: zsolt.soos@tamcert.hu 
P: +36 30 999 9396 

System certification

The System Certification Division conducts its certification activities based on its own (national) accreditations and the accreditation authorizations of its international partners.

The national accreditation, overseen by the National Accreditation Authority (NAH), extends to certifications according to ISO 9001, ISO 14001, ISO 45001, ISO 50001, ISO 37001, ISO 27001, and ISO/TS 22163 standards. As NAH is a member and signatory of the European Accreditation Cooperation (EA MLA), the certificates issued by NAH-accredited organizations are globally accepted, recognized, and equivalent to certificates issued by other international organizations.

Our main operational principle is to help our partners continuously improve their management efficiency and, indirectly, their competitiveness and market value through the issuance of certificates, while adhering to the highest accreditation requirements and providing high-quality certification services under the motto “Trust is our standard.” We strive to effectively respond to the changing needs of the economic environment and its stakeholders while maintaining professional independence and impartiality.

By continuously developing our professional resources and services, we aim to build and maintain reliable, long-term, and fair partnerships.

Types of system certifications conducted within the scope of our own accreditation:

  • ISO 9001 Quality Management System (QMS) Certification
  • ISO 14001 Environmental Management System (EMS) Certification
  • ISO 45001 Occupational Health and Safety Management System (OHSMS) Certification
  • ISO 50001 Energy Management Systems (EnMS) Certification
  • ISO 37001 Anti-Bribery Management System (ABMS) Certification
  • ISO/IEC 27001 Information Security Management System (ISMS) Certification
  • ISO/TS 22163 (RQMS/IRIS) Railway Quality Management System Certification

For companies operating multiple different management systems, an efficient solution is the simultaneous, integrated, or combined certification of these systems. This increases the efficiency of their existing, separate systems, simplifies documentation, and saves time, energy, and costs.

Personnel Certification

TAM CERT Hungary Ltd., as an independent third-party organization, certifies that the professionals of a company, business, or institution possess the theoretical knowledge, professional experience, and expertise required to perform specific activities. 

For companies and institutions operating in the economy, it is crucial to know the qualifications and authorizations their employees have for specific work and services. 

In Hungary and the European Union, several national and international regulations, along with industry-specific requirements, define the qualifications expected from personnel working in installation, construction, maintenance, repair, manufacturing, and operation sectors. 

TAM CERT Hungary Ltd., as an independent third-party certification body, certifies the knowledge and skills outlined in laws and standards, acting as an accredited, designated, or registered conformity assessment body. 

Following the training courses offered by companies or training institutions, TAM CERT Hungary Ltd. issues multilingual certificates upon successful examination. Exams can be conducted either at TAM CERT Hungary Ltd.’s own facilities or at the client’s site, whether in Hungary or abroad, provided that the conditions for the examination are met. 

Our key personnel certifications include: 

  • Welder Qualification: According to the MSZ EN ISO 9606 series of standards, under NAH accreditation or in line with Directive 2014/68/EU with PED extension, certified by TAM CERT or TÜV Austria. 
  • Operator Qualification: According to MSZ EN ISO 14732, based on Directive 2014/68/EU with PED extension. 
  • Flange Fitter Certification: According to DIN EN 1591-4:2013, certified by TAM CERT or TÜV AUSTRIA. 
  • SCC Certificate: For managers and operational staff. 

For more information regarding personnel certification, please feel free to contact our experts. 
Information about welder certifications issued by TAM CERT after October 3, 2019, and certified with qualified electronic authentication, can also be directly queried through our E-CERT certification verification service on our website. 

Energy consulting activity

The use and possession of energy has always been of decisive importance in the history of mankind, but this is of particular importance today. Safe energy production and transportation, which can satisfy current consumer needs, both in terms of quantity and quality, is a key factor in the sustainable development of our society. In addition to the needs of households, electricity is an integral part of telecommunications, education, healing, transport, but it is essential for the operation of banking and other financial systems or public administration. 

The activities of our business line cover both conventional and nuclear power generation equipment. The security of energy production has two closely related contents. It means, on the one hand, security of supply and, on the other, technical security, which is, of course, further linked to the security of the environment and society, including the population. 
Development is intensive, the various forms of renewable energy production are particularly spectacular, and today the basic criteria of our decisions and investments are the way and extent of energy use and the conscious choice of the origin of energy. 

When examining the subject of energy, we must not forget about oil installations either. The basic need for land, water, and air transport is to have, store, and transport fuel of the right quality to the place of use. 

For organizations that produce, convert and deliver energy to the place of use, we provide: 

  • technical risk analyses for their decisions,
  • test and environmental measurements, 
  • technical supervision for the implementation of their projects, 
  • due diligence and bankability expert roles for their financial decisions 

The development of the elements, control technology and management of energy systems, digitization and networking expect engineers to provide technical solutions that, in addition to providing traditional security elements, also control the vulnerability associated with increasing complexity. The employees of TAM CERT Magyarország Kft. explore, analyze and / or certify the conformity and effectiveness of these physical, human, system and cyber risks. 

We provide security in terms of technology and security of supply throughout the entire chain of energy production, energy investments, and consumption of the energy produced. 

In case of questions related to the services of TAM CERT MAGYARORSZÁG Kft., please contact us with confidence; we are also available for further professional questions!

Industrial consulting activity

“Citius, Altius, Fortius” – Faster, higher, stronger!

The thoughts of Baron Coubertin regarding sport are fully valid for a person with ambitions in economic life, and for his enterprise too.

Technological convergence and increasingly complex production processes, together with the ever-increasing investment value connected to them, meet the demands of authorities, lenders and surrounding communities regarding risk handling.

At this intersection appears the concept of technical surveillance, which makes the judgement of the running processes objective for the investors, the contractors and suppliers as well as for further stakeholders.
This is a function carrying responsibility, for which TAM CERT too needs to possess several elements of preparedness when it practises technical surveillance.

In the course of large investments – be it in oil and gas, energy, the chemical industry, machine manufacturing or the car industry – project-oriented implementation and construction is typical. In these complex undertakings a large number of suppliers are present, which have to perform at the same time while remaining within the same budget. Quality management and independent surveillance of the projects obviously mean value assurance and investment protection, including the elements of the project’s management logic, conformity with the relevant prescriptions, directives and engineering norms, and the detection and prevention of risks.

As a notified organization in the fields of PED, SPV and CPR in the European countries, we possess accepted competences besides our home accreditations and assignments. It is a clear task for a TAM CERT NoBo expert that the payback and thrift of increasingly expensive investments have the same importance as the judgement and control of the risk of dangerous and critical production and conversion processes.
We can utilize the experience gained in this field on surveillance jobs where we don’t carry out activities through our assignments.

Please entrust the technical surveillance of your projects to our company and our responsibility-taking will immediately and safely return to all our clients. 

Information and Cybersecurity

TAM CERT Magyarország Vizsgáló és Tanúsító Kft. has been selected and qualified as Europrivacy™® official partner by the European Centre for Certification and Privacy. We support and prepare our clients for certifying the conformity of their data processing activities with Europrivacy and the European General Data Protection Regulation (GDPR), in order to: 

  • Identify and reduce legal and financial risks through the Europrivacy audit and gap analysis 
  • Improve reputation and access to the market through the Europrivacy GDPR certification 
  • Build trust and confidence through continuous updates and monitoring