Preparation for implementing CSMS & SUMS systems – cyber security compliance assessment in the context of the R155 and R156 regulations

Solwit’s expertise in cutting-edge high-security projects extends not only to software development and testing but also to cyber security audits. We shared our experience with BMZ Poland, a leader in the European market for lithium-ion intelligent power systems, performing a zero-state audit for them prior to the implementation of a cyber security management system (CSMS) and a software update management system (SUMS), both based on ISO 21434:2021 and ISO 24089:2023 standards.

Both systems were introduced in connection with regulations R155 and R156 (these regulations require OEMs to have well-structured and documented cyber security processes), and our client needed to review its procedures under external scrutiny.

Preparation for a compliance assessment of cyber security regulations.

The first step was to define the collaborative process, which was as follows:

cybersecurity audit process

A deadline and a contact person were assigned to each stage. During discussions with the client, we determined priorities and expectations. We planned and optimized the IT work to fit our client’s business profile as much as possible. Our IT team comprises three specialists with varying areas of expertise: an embedded domain expert, a security tester, and a quality assurance engineer. The combination of individually-selected competencies, matched with the relevant industry’s requirements, hit the jackpot. In preparation for the IT security audit, we familiarised ourselves with the documentation of the organization’s existing processes, the road vehicle products to be reviewed, the software development, and the people involved in the project.

The cooperation with BMZ throughout the review process was smooth. The required documents were provided to us in a timely manner, and stakeholders were thoroughly prepared. This resulted in very comprehensive discussions about existing processes and standards.

Piotr Strzałkowski, Embedded Domain Expert, member of the audit team

After this stage, a comprehensive review plan was created, including timelines, a list of topics, and stakeholders with whom our team spoke. This is a significant moment, if not the most critical of the entire review – during face-to-face meetings with the client’s employees, we addressed topics related to processes, the running of technical projects, and the IT culture in their organization. These discussions revealed additional aspects that we hadn’t taken into account at the planning stage due to the specifics.

The Solwit team demonstrated a meticulous approach while studying our processes and efficiently conducting stakeholder meetings; the conclusions drawn are valuable. It is also worth highlighting their readiness to support us after receiving the report results – they offered assistance at almost any time.

Damian Bałdyga, Quality Director, BMZ Poland Sp. z o.o.

Analysis and acceptance of the IT security audit

Stakeholder interviews were the final step in the client involvement process. Our cyber-security analysis results in a comprehensive report that highlights the company’s strengths and weaknesses regarding its security processes. We also mapped the standards and guidelines onto the client’s business profile – we interpreted the regulations and translated them into specific recommendations, identifying places where IT security activities are required. Following our compliance assessment, we provided the client with a document that summarized the results of the software update management system (SUMS) and the cyber security management system (CSMS), created in accordance with ISO 21434:2021 and ISO 24089:2023 standards so that the company could implement the missing elements step by step and enhance its security.

Solwit SA performed a zero audit for us of the Cyber Security Management System (CSMS) and the Software Update Management System (SUMS), developed based on ISO 21434:2021 and ISO 24089:2023 standards. The collaboration with Solwit’s engineers translated into a comprehensive report on our procedures review. This will help us comply more efficiently with regulations R155 and R156. Cyber security is our top priority, so the recommendations compiled during the audit are highly critical to us. The Solwit team showed diligence when examining our processes and conducted stakeholder meetings efficiently, and the conclusions drawn proved very useful. It is also worth mentioning their readiness to support us even after we handed over the report results – they offered their experience at almost any time. The zero review was performed professionally, on time, and in accordance with applicable standards. The auditors’ competence is particularly noteworthy – Solwit’s three-person team is undoubtedly cyber security-savvy.

 Damian Bałdyga, Quality Director, BMZ Poland Sp. z o.o.

Over the past decade, Solwit has collaborated with a number of clients to develop software quality testing processes and implement rigorous testing procedures (ISO 26262, ISO 21434, SAE J3061, R155, and R156). We bring experience in auditing and preparing for automotive industry changes. We are also distinguished by our certifications, e.g., ISO 27001. If you need help implementing the R155 / R156 standards, get in touch with us.

Preparation for implementing CSMS & SUMS systems – cyber security compliance assessment in the context of the R155 and R156 regulations
Poland, manufacturing
Cyber security audit
R155 / R156
ISO 21434:2021
ISO 24089:2023
Let's talk about your project
Let's talk about your project:

Tell us exactly what you need.


Let's set the priorities and the order in which your software's functionalities / features / changes will be implemented.


What is the estimated timeframe for when you need to have your solution ready?

We will be happy to answer any questions
Newest case studies
Mobile and web banking applications testing
Software testing
Web and mobile NTP support application
Software development
Development and maintenance of the IoT system for energy management in buildings
Software development
Breaking down the system monolith into microservices
Business in the cloud
Web application refactoring and a new framework for rapid banking application development
Software development
Modern CI/CD on LMS platform for e-learning
Business in the cloud
the form below.
We will contact you to set up
a conversation at the convenient
moment for you.