
Cybersecurity Management System and TARA for UNECE R155 Compliance for Fortune 50 Automotive OEM

Updated: Mar 29



A Fortune 50 international automotive original equipment manufacturer (OEM) was in the midst of a UNECE R155 compliance initiative to identify and address gaps in its vehicle Cybersecurity Management System (CSMS). Failure to become compliant would prevent the OEM from selling new vehicle models in the U.S. and across Europe. The OEM lacked the in-house expertise and resources to achieve its business goals and turned to Strategic Alliance Consulting (SAC), an automotive cybersecurity services company, to architect the UNECE R155 compliance solution.

CSMS UNECE R155 Compliance Solution


SAC quickly deployed an experienced solutions architect who conducted a discovery phase with the OEM to ascertain where it stood in its compliance journey. SAC's solutions architect analyzed and remediated the identified gaps in the "ISO/PAS 5112:2022 - Road vehicles — Guidelines for auditing cybersecurity engineering".

OEM Solution

The consultant partnered with the OEM to address gaps within the following areas:

• Incident Response Plan

• Production Update

• End of Cybersecurity Support

• Decommissioning

• Supply Chain Management

Additionally, the consultant prepared an Incident Response Plan (ISO/SAE 21434:2021 WP-13-01) template to capture and retain all pertinent cybersecurity information about the required cybersecurity incident response plan and to facilitate remediation of identified vulnerabilities. This included:

• Remedial Actions

• Communication Plan

• Roles and responsibilities during an incident response

• Progress monitoring

• Closure criteria

• Closure actions

Threat Analysis and Risk Assessment (TARA)

In addition, SAC worked with the OEM to perform a comprehensive Threat Analysis and Risk Assessment (TARA) for the Target of Evaluation (TOE), i.e., the item or system that will be integrated into a vehicle, as per the TARA definition (ISO/SAE 21434:2021 WP-09-02 and Clause 15). This included first identifying the system's architecture, and then performing a complete TARA to identify all the threats, potential damage scenarios, and risks, and ultimately to determine and document the correct mitigation strategy.


The engagement was a success, and the OEM was able to move to the next phase towards obtaining a Certificate of Compliance for UN Regulation 155 for its CSMS. SAC's ability to identify a clear compliance path and coach the OEM's organization through the process proved instrumental in opening markets for its new vehicles.


Learn more about SAC's Cybersecurity Compliance Solutions

Are you interested in making your organization compliant with cybersecurity regulations? Our team has partnered with organizations to achieve HIPAA compliance, SOC2 compliance, PCI compliance, and more. We also offer vCISO-as-a-service for organizations that need to build their cybersecurity infrastructure from the ground up, or NIST assessments to help you roadmap your way to cybersecurity maturity.

Check out all our cybersecurity success stories to explore other ways we can assist your organization.

Are you ready to accelerate your journey to cybersecurity maturity? Contact our team today!

