In a two-year project, MHP Consulting and Bentley Motors have worked together to develop robust cybersecurity and software update management systems (CSMS and SUMS) tailored to the Bentley landscape, ensuring compliance with the UNECE World Forum for Harmonization of Vehicle Regulations (WP.29). Bentley has successfully achieved certification with zero non-conformities.
As of July 2024, OEMs must adhere to the UNECE regulations to sell any vehicle and product within its 56 member states. Notably, the key regulations include R155, which focuses on cybersecurity, and R156, which addresses software updates. In addition to achieving compliance, OEMs must implement the necessary supporting management systems across their organizations to maintain that compliance. These systems must also be audited by a technical service for the OEMs to sell vehicles in UNECE regions.
Chris Cole, product line director Bentley Motors, said, “We’re proud of this close collaboration with MHP Consulting UK, and the fact that Bentley has met the cybersecurity legislative requirements set out by the United Nations Economic Commission for Europe. Not only have our joint teams achieved certification with zero non-conformities, they have pushed the boundaries of innovation, further entrenching cybersecurity as a cultural imperative into the Bentley brand. This is a major achievement for our team and ultimately means that our GT range of vehicles meets the highest cybersecurity and software update management systems.”
As part of this initiative, even though Bentley’s systems were already highly advanced and largely aligned with UNECE requirements, the company still needed to ensure full compliance with both R155 and R156 regulations to meet regulatory and type approval standards. To do so, Bentley turned to MHP Consulting for expertise and support. The project leading to Bentley’s successful compliance was delivered in two key stages.
In the initial phase of their collaboration, Bentley and MHP Consulting UK took a proactive approach by engaging with a technical service to help develop the necessary concepts and processes in line with UNECE requirements, supporting Bentley’s strategic direction and regulatory compliance. As a result of this close partnership, Bentley focused on communication with external auditors and regulatory authorities, while MHP Consulting UK documented the key actions, insights and behaviors related to the initiative. The successful audit preparation included:Â
- Sophisticated audit strategy development – executing a thorough dress rehearsal.
- Successful integration of requirements in new and existing processes and their implementation.
- Successful adaption of group-wide policies and processes (e.g. ISO21434 / R155/156).
- High process maturity in consideration of ISO21434​.
- Successful onboarding of CSMS/SUMS relevant IT tools.
- High managerial commitment.
Well-structured governance ensured that policies and practices were well-defined and aligned with industry standards. ​
Phase 2 of the project involved operationalizing, executing and running Bentley’s customized CSMS/SUMS management system, which would not have been possible without the solid foundation established in Phase 1 as this foundation enabled the program to deliver a successful first surveillance audit. Phase 2 accomplished the following:
- A strong program governance structure.
- Extensive surveillance audit preparation. ​
- Collected concrete evidence about the process operationalization.
- Worked closely and in a cross-functional manner with the business​.
- Demonstration of running CSMS and SUMS relevant IT tools across the business​.
According to MHP Consulting, the use of innovative program management tools also supported strong and transparent oversight throughout the initiative. In addition, Bentley strengthened its cybersecurity culture through awareness and communication campaigns, such as CS Tech Talks and monthly reports. This approach strategically positioned the business for the long-term integration of CSMS and SUMS into Bentley’s day-to-day operations.
Bodo Philipp, CEO of MHP Consulting UK, commented, “Achieving UNECE compliance is crucial for an OEM’s market access, and can therefore mean a bottom-line impact of millions, even billions, depending on the brand. It is key for OEMs to work with proven experts that can help them to navigate the regulatory landscape successfully – especially as the industry becomes more and more dependent on data, internet access and connected services.
“Our teams have done incredibly successful transformative work together. They’ve led the charge on this initiative, and have set new standards within Bentley – a fantastic achievement.”