Alexander Dennis has announced that its cyber security management system (CSMS) has been certified by the United Kingdom’s Vehicle Certification Agency (VCA) in accordance with UN Regulation 155. The successful certification follows an audit by VCA experts that analysed documents, tools, templates and processes against the requirements of Regulation 155 as well as carrying out interviews with key members of staff involved in the operation of the processes.
The approval shows that Alexander Dennis has comprehensive safeguards in place to minimise and adequately manage the risks of malicious attacks during development, production and post-production of vehicles. It further represents a major milestone, says the manufacturer, in a commitment to vehicle cyber security which underpins the development of future products and services.
UN Regulation 155 provides internationally recognised requirements to assess vehicle cyber security and vehicle cyber security management systems. The Alexander Dennis team has also used ISO SAE 21434 on cybersecurity engineering for road vehicles in order to develop the CSMS, further adopting internationally recognised best practice. Compliance is not currently mandatory in the UK market.
Group Engineering Director Chris Gall said: “We take all aspects of security at every stage of a vehicle’s life extremely seriously. A robust cyber security management system is key to minimise the risk of malicious interference and we are proud to have put this in place and have its compliance recognised by the VCA. By following the standards of UN Regulation 155, we can be sure to have a solid framework to protect our and our customers’ data, assets and technology.”