The CSMS, built for the regulated era.

One orchestrator for ISO/SAE 21434, UN R155, EU CRA, ISO/IEC 27001 and NIST CSF. Deterministic TARA, evidence with provenance, and audit-grade traceability - across nine domains, in one operating model.

Book a demo · See the platform. Mock-mode out of the box; live when you are ready.
§01 THE ASK FROM THE REGULATOR

Five regulatory regimes. One operating model. No more shadow spreadsheets.

Type-approval clocks are running. UN R155 already requires a certified CSMS for new vehicle types. The EU CRA enters full enforcement in December 2027 - with a 24-hour reporting window for actively exploited vulnerabilities that starts ticking now. Meanwhile your TARAs, SBOMs, audits, incidents, evidence and decisions live in eight different tools.

CSMS Orchestrator is the management-system layer that ties them together: deterministic risk derivation, content-addressed evidence, branched editing, and a process engine that actually runs. Use it alongside the tools you already have - or as your standalone CSMS - on day one.

UN R155 (Active)

Cybersecurity management system audit

Required for type approval of new vehicle types since 2022, and for all new vehicles since July 2024. The CSMS itself is the artefact under audit.

Auditable on day one.
EU CRA (Pending)

Manufacturer obligations & CE marking

Conformity assessment, technical documentation, secure-by-design, security-update policy, vulnerability handling. 24h / 72h reporting windows precede the main obligations.

ISO/SAE 21434 (Embedded)

Deterministic, defensible TARA

Damage scenarios, threat scenarios, attack feasibility, risk values, treatment. Every override carries a rationale; every snapshot is reproducible.

Pin a snapshot. Verify the byte.
§02 THE PLATFORM IN ONE PAGE

Four layers. Nine domains. One coordinator.

The orchestrator is built in deliberate layers: a canonical data model at the foundation, deterministic engines per domain above it, a coordination module that resolves interdependencies and runs the event bus, and an editorial UI on top. [FR-ENG]

Standards are data, not code. Adopting UN R155 or the CRA is a row in a catalog that derives obligations, applicable risk methods, required evidence and downstream workflows into every domain that needs them. Un-adopt and they gracefully fall to not-applicable - your tenant work is preserved. [STD-021]

  • UX: natural · guided · clear
  • UI: easy · flexible · intuitive
  • Engines: pure · deterministic · event-bus
  • Data: 119 entities · content-addressed
§03 THE NINE DOMAINS

Everything a CSMS must actually do.

Each domain is a real engine with real records - not a tab. Foundational domains (Governance, Asset/Product) carry the others; operational domains hard-depend on them so cross-domain rollups always work.

§04 HOW IT WORKS

Three pillars. Real engineering.

01 · Standards-driven derivation

Select your standards and regions. The orchestrator derives obligations, policy requirements, applicable risk methods, required evidence types and downstream workflows - into every domain that consumes them. No code change.

  • UN R155 · ISO 21434 · CRA · NIS2 · 27001 · 24089 · NIST CSF · IEC 62443
  • Industry & region baselines
  • Crosswalks via typed trace_link rows, not JSON arrays
02 · Deterministic execution (n8n)

Author processes in the orchestrator's flow editor. They compile to an n8n workflow that actually runs - schedules, webhooks, triggers, the lot. Executions mirror back as real ProcessRun records with per-step traceability.

  • Bidirectional sync (CSMS ↔ n8n) reconciled via git-style merge
  • n8n-only nodes (Slack, HTTP, …) round-trip losslessly
  • Signed callbacks; queue-mode runtime; self-hosted
03 · Git-style versioning, by default

Every governed artefact - policy, process, method, risk model, decision - is content-addressed and branchable. Edit in a per-user draft, open a branch, compare with a tagged release, restore at any commit. Audit-grade out of the box.

  • Per-artefact commit chains · branches · drafts · tags
  • Optional GitHub mirror of the operating model
  • Pinned, reproducible TARA snapshots
§05 STANDARDS COVERED

Standards are data. Adopt any. Prove every clause.

Industry-agnostic by design. The catalog covers automotive, software, industrial, healthcare, energy and ICT regulation across the EU, US, UK, Japan and China - and grows with each tenant. Each catalog entry materialises as an external_framework row with its clauses as external_requirement rows; applicability is decided per scope (organisation, product, release, supplier, asset) and rolled up into a compliance case.
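The adopt / un-adopt mechanics described here and in §02 (catalog rows, per-scope applicability, graceful fall-back to not-applicable with tenant work preserved), as an added Python example that is not the orchestrator's own code: the row names follow the page's external_framework / external_requirement naming, while the clause ids, scope strings and evidence reference are constructed placeholders.

```python
from dataclasses import dataclass, field
# Names follow the page's external_framework / external_requirement rows; clause ids and scopes
# below are constructed placeholders, not quotations from any standard.

@dataclass(frozen=True)
class ExternalRequirement:
    framework_id: str
    clause: str
    scope_kinds: frozenset  # scope kinds (organisation, product, release, ...) the clause applies to

@dataclass
class Obligation:
    requirement: ExternalRequirement
    scope: str                       # "kind:id", e.g. "product:ECU-42" (constructed)
    status: str = "open"             # open | satisfied | not_applicable
    evidence: list = field(default_factory=list)  # tenant work; never deleted by un-adoption

CATALOG = {  # constructed external_framework rows, each with its external_requirement rows
    "UN_R155": (ExternalRequirement("UN_R155", "CLAUSE-A", frozenset({"organisation"})),
                ExternalRequirement("UN_R155", "CLAUSE-B", frozenset({"product"}))),
    "EU_CRA": (ExternalRequirement("EU_CRA", "CLAUSE-C", frozenset({"product", "release"})),),
}

class ComplianceCase:
    def __init__(self, scopes):
        self.scopes = list(scopes)  # the tenant's in-scope organisation/product/release/... rows
        self.obligations = {}       # (framework_id, clause, scope) -> Obligation

    def adopt(self, framework_id):
        """Derive one obligation per (clause, applicable scope); revive rows un-adopted earlier."""
        for req in CATALOG[framework_id]:
            for scope in self.scopes:
                if scope.split(":", 1)[0] not in req.scope_kinds:
                    continue
                key = (framework_id, req.clause, scope)
                ob = self.obligations.setdefault(key, Obligation(req, scope))
                if ob.status == "not_applicable":   # re-adoption: prior evidence still counts
                    ob.status = "satisfied" if ob.evidence else "open"

    def unadopt(self, framework_id):
        # Gracefully fall to not_applicable; attached evidence stays on the row.
        for ob in self.obligations.values():
            if ob.requirement.framework_id == framework_id:
                ob.status = "not_applicable"

    def attach_evidence(self, framework_id, clause, scope, evidence_ref):
        ob = self.obligations[(framework_id, clause, scope)]
        ob.evidence.append(evidence_ref)
        ob.status = "satisfied"

    def rollup(self):
        # Compliance-case rollup: obligation count per status.
        return {s: sum(1 for ob in self.obligations.values() if ob.status == s)
                for s in ("open", "satisfied", "not_applicable")}
```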

§06 PRICING

Pick your tier. Start in mock mode. Switch to live when ready.

Starter · SOLO / PILOT
499/mo, billed annually
  • 1 product · 1 user
  • All 9 domains
  • Mock connectors, deterministic TARA
  • Git-style versioning, GitHub mirror
  • Community support
Book a demo

Mock-mode out of the box

Enterprise · ON-PREM / MULTI-TENANT
Custom · talk to us
  • Unlimited products · unlimited users
  • On-prem & air-gapped option
  • Multi-tenant data residency
  • Dedicated CSM · 4-hour SLA · SAML/SCIM
  • Custom standards · custom connectors
Talk to sales

Pricing on request

All tiers include the full data model, content-addressed evidence ledger, and the OpenAPI 3.0 surface. Annual prepay only on Team and above. Public-sector / academic discounts available.

§07 WALK THROUGH IT WITH US

30 minutes. A live tenant. Your standards selected.

We'll spin up a tenant pre-loaded with your industry, region and standards selection, then walk through a real TARA, a real audit pack, and a real n8n-executed process - in your domain.

Book a demo via email

Berlin / Detroit / Tokyo