Type Approval · UN R155
Cybersecurity Management System
Windrose holds UN Regulation No. 155 type approval, confirming that its Cybersecurity Management System (CSMS) meets the requirements of WP.29 for the full vehicle cybersecurity lifecycle — from concept and design through production, operation, and decommissioning.
Certificate No.: CYPRUS·CERT·1032·00
Regulation: UN R155 (WP.29)
System: CSMS — WR-CMS-04
Issue Date: 17 April 2025
Document Ref.: R155体系证书20250417
Total Pages: 29
01 Management System Scope
Governing Documents
- Vehicle Cybersecurity Management Manual (Tier 1) — overarching policy
- Document & Records Control Procedure (Tier 2)
- Human Resources Control Procedure (Tier 2)
- Engineering Change Control Procedure (Tier 2)
- Internal Audit Control Procedure (Tier 2)
- Management Review Control Procedure (Tier 2)
- Corrective Improvement Control Procedure (Tier 2)
- Lifecycle / Procurement / After-sales Control Procedures (Tier 2)
- Information Security / Information Sharing Management Measures (Tier 3)
- Change / Requirements / Configuration / Tool Management Measures (Tier 3)
- Milestone Review / Product Consistency / Computer Network Security Measures (Tier 3)
- Information Monitoring / Vulnerability / Emergency Response / Recall Measures (Tier 3)
- Supplier / TARA Management Measures (Tier 3)
Key Processes
- Internal audit cycle — 1–2 times per year
- Management review — once per year
- Personnel training and competency review
02 Vehicle Cybersecurity Lifecycle
Governing Documents
- Vehicle Cybersecurity Lifecycle Management Procedure
- TARA Management Measures
- Change Management Measures
- Requirements Management Measures
- Configuration Management Measures
- Tool Management Measures
- Vehicle Development Project Initiation Process
- Test Management Measures
Key Processes
- Full lifecycle flow: Concept → Design → Mass Production → Operation → End-of-Life
- TARA 5-step threat and risk assessment
- G1–G8 milestone gate reviews (G7/G8 gates yield VTA certificate)
- Cybersecurity requirements verification and security confirmation testing
03 Post-Production Security
Governing Documents
- Information Monitoring and Management Measures
- Emergency Response Management Measures
- Vulnerability Management Measures
Key Processes
- Cybersecurity information monitoring → incident determination
- Three-tier emergency response: Daily Operations Group → Implementation Group → Leadership Group
- Vulnerability lifecycle: Discovery → Recognition → Assessment → Remediation → Verification → Closure
04 Supplier Management
Governing Documents
- Procurement Control Procedure
- Supplier Management Measures
Key Processes
- Supplier qualification and onboarding
- SOR and CIA agreement execution
- Delivery inspection and quality control
- Ongoing supplier performance evaluation