Bentley Motors and MHP Consulting UK: A Milestone in Cybersecurity Compliance
In an era where connected vehicles are becoming the norm, Bentley Motors has taken a significant step towards ensuring the cybersecurity of its vehicles. In collaboration with MHP Consulting UK, Bentley has successfully completed a project aimed at aligning its operations with the United Nations Economic Commission for Europe (UNECE) vehicle regulations on cybersecurity and software updates. This partnership has culminated in Bentley achieving certification with zero non-conformities after a rigorous 24-month process.
Understanding UNECE Vehicle Regulations
As the automotive industry evolves, so too do the challenges associated with cybersecurity. The UNECE has established regulations—specifically, R155 for cybersecurity and R156 for software updates—that original equipment manufacturers (OEMs) must adhere to in order to sell vehicles in its 56 member states. Starting July 2024, compliance with these regulations will be mandatory, making it essential for manufacturers like Bentley to demonstrate effective systems that protect both vehicles and their users.
Beyond mere compliance, OEMs are required to maintain robust management systems and pass audits by technical services to continue operations within UNECE regions. Bentley, already equipped with advanced systems, partnered with MHP Consulting to ensure that its practices aligned with these stringent regulations.
A Two-Stage Project Approach
The Bentley-MHP project unfolded in two primary phases, each designed to address specific aspects of compliance.
Phase 1: Shaping Cybersecurity Management Systems
The first phase focused on developing the necessary Cybersecurity Management System (CSMS) and Software Update Management System (SUMS) in accordance with UNECE requirements. Bentley and MHP Consulting collaborated with a technical service to create and embed processes that reinforced Bentley’s strategic regulatory compliance.
During this phase, MHP Consulting meticulously documented the journey towards compliance, capturing key actions and behaviors. Bentley engaged with external auditors and regulatory authorities, preparing for audits through a comprehensive strategy that included a detailed ‘dress rehearsal.’ This preparation also involved integrating new requirements into existing processes, aligning with group-wide policies such as ISO 21434, and onboarding relevant IT tools. A structured governance model ensured that policies and practices met industry benchmarks, leading to a successful certification audit with no identified non-conformities.
Phase 2: Operationalizing Management Systems
The second phase was dedicated to operationalizing and executing the management systems established in Phase 1. This involved developing a robust governance structure, preparing for surveillance audits, and demonstrating the effective use of relevant IT tools across Bentley’s business operations.
Extensive internal training and communication campaigns, such as CS Tech Talks and monthly reports, were implemented to embed a cybersecurity culture within the organization. The use of program management tools facilitated the integration of cybersecurity practices into Bentley’s routine operations.
Management Perspectives
The successful collaboration between Bentley and MHP Consulting has been met with enthusiasm from both parties. Chris Cole, Product Line Director at Bentley Motors, expressed pride in the achievement, stating, "We’re proud of this close collaboration with MHP Consulting UK, and the fact that Bentley has met the cybersecurity legislative requirements set out by the United Nations Economic Commission for Europe. Not only have our joint teams achieved certification with zero non-conformities, they have pushed the boundaries of innovation, further entrenching cybersecurity as a cultural imperative into the Bentley brand."
Bodo Philipp, CEO of MHP Consulting UK, emphasized the importance of achieving UNECE compliance for OEMs, noting that it can significantly impact market access and financial performance. He remarked, "Achieving UNECE compliance is crucial for an OEM’s market access, and can therefore mean a bottom-line impact of millions, even billions, depending on the brand."
Long-Term Integration and Future Implications
The successful certification allows Bentley’s GT vehicles to be sold across the UNECE’s 56 member states, ensuring that cybersecurity is not just a one-time achievement but a long-term commitment. The systems and governance structures developed during this project are designed to support ongoing compliance and protect Bentley’s vehicles and customers from evolving cyber threats.
As the automotive landscape continues to shift towards greater connectivity, Bentley’s proactive approach to cybersecurity sets a benchmark for the industry. This collaboration with MHP Consulting not only enhances the safety and security of Bentley’s vehicles but also reinforces the brand’s commitment to innovation and excellence in an increasingly complex regulatory environment.