Solwit’s expertise in cutting-edge high-security projects extends not only to software development and testing but also to cyber security audits. We shared our experience with BMZ Poland, a leader in the European market for lithium-ion intelligent power systems, performing a zero-state audit for them prior to the implementation of a cyber security management system (CSMS) and a software update management system (SUMS), both based on ISO 21434:2021 and ISO 24089:2023 standards.
Both systems were introduced in connection with regulations R155 and R156 (these regulations require OEMs to have well-structured and documented cyber security processes), and our client needed to review its procedures under external scrutiny.
The first step was to define the collaborative process, which was as follows:
A deadline and a contact person were assigned to each stage. During discussions with the client, we determined priorities and expectations. We planned and optimized the IT work to fit our client’s business profile as much as possible. Our IT team comprises three specialists with varying areas of expertise: an embedded domain expert, a security tester, and a quality assurance engineer. The combination of individually-selected competencies, matched with the relevant industry’s requirements, hit the jackpot. In preparation for the IT security audit, we familiarised ourselves with the documentation of the organization’s existing processes, the road vehicle products to be reviewed, the software development, and the people involved in the project.
The cooperation with BMZ throughout the review process was smooth. The required documents were provided to us in a timely manner, and stakeholders were thoroughly prepared. This resulted in very comprehensive discussions about existing processes and standards.
Piotr Strzałkowski, Embedded Domain Expert, member of the audit team
After this stage, a comprehensive review plan was created, including timelines, a list of topics, and stakeholders with whom our team spoke. This was a significant stage, if not the most critical of the entire review: during face-to-face meetings with the client’s employees, we addressed topics related to processes, the running of technical projects, and the IT culture in their organization. These discussions revealed additional aspects that we hadn’t taken into account at the planning stage due to the specifics.
The Solwit team demonstrated a meticulous approach while studying our processes and efficiently conducting stakeholder meetings; the conclusions drawn are valuable. It is also worth highlighting their readiness to support us after receiving the report results – they offered assistance at almost any time.
Damian Bałdyga, Quality Director, BMZ Poland Sp. z o.o.
Stakeholder interviews were the final step in the client involvement process. Our cyber-security analysis resulted in a comprehensive report that highlights the company’s strengths and weaknesses regarding its security processes. We also mapped the standards and guidelines onto the client’s business profile: we interpreted the regulations and translated them into specific recommendations, identifying places where IT security activities are required. Following our compliance assessment, we provided the client with a document that summarized the results for the software update management system (SUMS) and the cyber security management system (CSMS), created in accordance with the ISO 21434:2021 and ISO 24089:2023 standards, so that the company could implement the missing elements step by step and enhance its security.
Solwit SA performed a zero audit for us of the Cyber Security Management System (CSMS) and the Software Update Management System (SUMS), developed based on ISO 21434:2021 and ISO 24089:2023 standards. The collaboration with Solwit’s engineers translated into a comprehensive report on our procedures review. This will help us comply more efficiently with regulations R155 and R156. Cyber security is our top priority, so the recommendations compiled during the audit are highly critical to us. The Solwit team showed diligence when examining our processes and conducted stakeholder meetings efficiently, and the conclusions drawn proved very useful. It is also worth mentioning their readiness to support us even after we handed over the report results – they offered their experience at almost any time. The zero review was performed professionally, on time, and in accordance with applicable standards. The auditors’ competence is particularly noteworthy – Solwit’s three-person team is undoubtedly cyber security-savvy.
Damian Bałdyga, Quality Director, BMZ Poland Sp. z o.o.
Over the past decade, Solwit has collaborated with a number of clients to develop software quality testing processes and implement rigorous testing procedures (ISO 26262, ISO 21434, SAE J3061, R155, and R156). We bring experience in auditing and preparing for automotive industry changes. We are also distinguished by our certifications, e.g., ISO 27001. If you need help implementing the R155 / R156 standards, get in touch with us.