Alexander Dennis, a subsidiary of NFI Group Inc., a leader in propulsion-agnostic bus and coach mobility solutions, today announced that its Cyber Security Management System (CSMS) has been re-certified and its Software Update Management System (SUMS) certified by the United Kingdom’s Vehicle Certification Agency (VCA) in accordance with UNECE Regulations 155 and 156 respectively.
Alexander Dennis’s commitment to the highest standards of cybersecurity encouraged the company to introduce comprehensive business-wide systems in support of the development of its next-generation electric buses, ensuring that their design, production and ongoing support is underpinned by robust protections.
UNECE Regulation 155 provides internationally recognised requirements for vehicle cybersecurity and vehicle cybersecurity management systems. The successful re-certification of Alexander Dennis’s CSMS follows an audit by VCA experts that analysed the manufacturer’s documents, tools, templates and processes against the requirements of the regulation alongside interviews with key members of staff involved in the operation of the processes.
The Alexander Dennis team has also used ISO/SAE 21434 on cybersecurity engineering for road vehicles to develop the CSMS, further following internationally recognised best practice.
Similarly, UNECE Regulation 156 defines provisions for vehicle software update management systems. Alexander Dennis’s SUMS has received initial certification following an in-depth audit by the VCA experts, underpinned by further best practice using ISO 24089 on software update engineering for road vehicles in its development.
The SUMS enables Alexander Dennis to develop and maintain software used on its buses to increase functionality where required whilst ensuring the vehicles’ safety and cybersecurity. It also helps to ensure that Alexander Dennis and its zero-emission buses are prepared for future innovations and regulatory requirements.
The dual certification follows over £1m in cybersecurity engineering investment by Alexander Dennis over the past four years.
Chris Gall, Group Engineering Director for Alexander Dennis, said: “Achieving certification under UNECE Regulations 155 and 156 is a significant milestone that reflects our unwavering commitment to cybersecurity and software integrity.
“We are proud to have put robust cybersecurity and software update management systems in place and have their compliance recognised by the VCA. This gives us a solid framework to protect our and our customers’ data, assets and technology.”