TLDRDie webinar bied 'n insig in die nuwe ISO 24089 standaard vir sagteware-opdatering ingenieurswese. Tobias Pills, 'n konsultant by Osiris Consulting, verduidelik die verskille tussen die nuwe standaard en die UNR156 regulasie. Tobias bespreek die belangrikheid van nakoming en die wettige gevolge van nie-nakoming. Die standaard bevat 95 vereistes en 10 aanbevelings. Dit bied 'n omvattende gids vir sagteware-opdatering en help organisasies om hierdie prosesse te formaliseer. Verder besin die webinar oor die basiese elemente van die standaard, insluitend organisatoriese, projekvlak en infrastruktuurvereistes, en hoe hierdie elemente interaksie met ander standaarde en bestuursisteme het.


  • 🔍 Die ISO 24089 standaard is onlangs uitgereik.
  • 📊 Dit bevat 95 vereistes en 10 aanbevelings.
  • 📅 UNR156 is verpligtend vir nuwe voertuie vanaf Julie 2024.
  • ⚖️ Nie-nakoming kan tot verkoopsverbod lei.
  • 🏢 Verseker organisatoriese en projekvlak bestuur.
  • 🛡️ Integreer sagteware-opdateringsbestuur met sekuriteitstelsels.
  • 📝 Gedetailleerde dokumentasie is noodsaaklik.
  • 🔧 Kyk na albei ISO 24089 en UNR156 om volkome nakoming te verseker.
  • 🕒 Kleinskaalse vervaardigers kry 2 jaar ekstra om aan te pas.
  • 📚 Osiris bied addisionele opleiding en ondersteuning.


  • 00:00:00 - 00:05:00

    Tobias Pills van Osiris Consulting stel die nuut-vrygestelde ISO 24089 standaard voor sagteware-opdatering ingenieurswese bekend. Hy fokus op die ooreenkoms met ander standaarde soos die UNR155 en ISO SAE 2144. Tobias verduidelik regulasies soos die UNR156 en die verskille daarvan met ISO 24089, met klem op die belangrikheid van nakoming om verkoopsverbod in UNECE-lidlande te vermy.

  • 00:05:00 - 00:10:00

    Die ISO 24089 standaard bestaan uit nege klousules met 95 vereistes en 10 aanbevelings. Dit sluit ook verwysings na ander standaarde en werkprodukte in om nakoming te verseker. Tobias bespreek organisasie- en projekvlak-vereistes, voertuigvlak en sagteware-opdateringsbestuur, insluitend die belangrikheid van die voorsieningsketting en eindgebruikers se betrokkenheid by opdaterings.

  • 00:10:00 - 00:15:00

    Dit dek die infrastruktuur vir sagteware-opdaterings, risiko-bestuur en die veiligheid van sagteware instellings. Die infrastruktuur moet versoenbaarheid met voertuie verseker, en Tobias wys ook op die belangrikheid daarvan om mislukkings in opdateringsveldtogte te hanteer. Hy bespreek die noodsaaklikheid vir grondige dokumentasie en voorbereiding voor die uitrol van opdaterings.

  • 00:15:00 - 00:22:47

    Klem word geplaas op die verband tussen sagteware-opdateringsbestuur en ander bestuursisteme soos sekuriteitsbestuur en funksionele veiligheid. Tobias beklemtoon hoe geïntegreerde stelsels die algehele proses verbeter. Laastens word regulerende ooreenstemming, insluitend risiko's van nie-nakoming soos boetes en verkoopsverbod, bespreek en hulp word aangebied vir implementering en gap-analise.




  • Wat is ISO 24089?

    ISO 24089 is 'n nuwe standaard vir sagteware-opdatering ingenieurswese.

  • Wie is die aanbieder van die webinar?

    Tobias Pills van Osiris Consulting.

  • Wat is die belangrikste verskil tussen ISO 24089 en UNR156?

    ISO 24089 is 'n standaard terwyl UNR156 'n verpligte regulasie is wat nagekom moet word.

  • Hoeveel vereistes bevat die ISO 24089 standaard?

    Die standaard bevat 95 vereistes en 10 aanbevelings.

  • Wat is die skyfievertoning se doel?

    Om 'n oorsig te gee van die Osiris Consulting portefeulje en die nuwe ISO 24089 standaard.

  • Wat is die tydlyn vir die bekendstelling van nuwe voertuie volgens UNR156?

    Verpligtend vir nuwe voertuig tipes sedert Julie 2022 en alle nuwe voertuie teen Julie 2024.

  • Waarop moet instansies fokus om aan die verpligtinge te voldoen?

    Instansies moet fokus op prosesnakoming, sertifikaat van nakoming, en die hantering van potensiële boetes.

  • Wat word benadruk oor die sagteware-opdateringsproses?

    Dit is belangrik om organisatoriese en projekvlak verantwoordelikhede en infrastruktuurfunksies behoorlik te bestuur.


    Consulting webinar on the finally
    released standard on software update
    engineering the ISO 24089
    my name is Tobias pills and here with
    Osiris Consulting I'm a consultant and
    an expert in cyber security and software
    update management system
    this slide I want to show you quickly a
    bit of our portfolio being at the cyber
    security management system on the
    executive and management level or also
    being it being compliant to the unr155
    or the iso SAE 2144 as well as software
    update management system with the unr156
    and the now release their the ISO 24089
    we also do then engineering and
  • 00:00:59
  • 00:01:02
  • 00:01:05
  • 00:01:07
  • 00:01:09
  • 00:01:12
  • 00:01:15
  • 00:01:17
  • 00:01:20
  • 00:01:23
  • 00:01:26
  • 00:01:28
    and surrounding cyber security of course
    we do zombies and all the other aspects
    such as a spice project and quality
    management but also functional safety
    and systems engineering
    now let's jump a bit into the comparison
    also and which is really important with
    the regulation here comparison between
    the iso 2489 and the unr156 so the
    regulation of course is mandatory to
    follow so as soon as you fall under this
    regulation in this case for software
    updates and in this case being an oem
    then of course you have to be compliant
    to this mandatory regulation which is um
    and disregard giving out requirements
    for how to handle software updates and
    if you're not compliant then this could
    lead to a sales ban in one of the unece
    or even all of the human ECE member
  • 00:02:36
  • 00:02:40
  • 00:02:42
  • 00:02:46
  • 00:02:49
  • 00:02:50
  • 00:02:53
  • 00:02:57
  • 00:03:00
  • 00:03:01
  • 00:03:04
  • 00:03:07
  • 00:03:09
  • 00:03:13
  • 00:03:15
  • 00:03:17
  • 00:03:19
  • 00:03:22
  • 00:03:23
  • 00:03:26
  • 00:03:30
  • 00:03:32
  • 00:03:34
  • 00:03:38
  • 00:03:41
  • 00:03:44
  • 00:03:45
  • 00:03:48
  • 00:03:51
  • 00:03:54
  • 00:03:57
  • 00:04:01
  • 00:04:04
  • 00:04:07
  • 00:04:09
  • 00:04:12
  • 00:04:17
  • 00:04:20
  • 00:04:24
  • 00:04:27
  • 00:04:29
  • 00:04:32
  • 00:04:34
  • 00:04:37
  • 00:04:39
  • 00:04:41
  • 00:04:45
  • 00:04:48
  • 00:04:51
  • 00:04:56
  • 00:04:59
  • 00:05:02
  • 00:05:04
  • 00:05:08
  • 00:05:11
  • 00:05:15
  • 00:05:17
  • 00:05:21
  • 00:05:25
  • 00:05:27
    so these are some of the the key facts
    of the standard and now let's jump in
    into a bit of the content so of course
    we're going to start with the scope the
    normative references some some standards
    in there on on csms and also functional
    safety and some terms and definitions
    but then of course where the
    requirements begin organization level
    project level infrastructure level
    vehicle level software update packaging
    and last but not least the
    um campaign that you use to roll out
    everything and then of course here then
    you can see that also a bit in a graphic
    saying you have the surrounding
    organizational project level but then
    also having the packages having the
    vehicles and rolling out the software
    update packages
    it's not just all kind of of course
    correlates and and is dependent on each
  • 00:06:22
  • 00:06:24
  • 00:06:29
  • 00:06:32
  • 00:06:34
  • 00:06:36
  • 00:06:39
  • 00:06:41
  • 00:06:43
  • 00:06:45
  • 00:06:47
  • 00:06:50
  • 00:06:52
  • 00:06:54
  • 00:06:56
  • 00:06:59
  • 00:07:01
  • 00:07:04
  • 00:07:07
  • 00:07:10
  • 00:07:12
  • 00:07:16
  • 00:07:18
  • 00:07:21
  • 00:07:23
  • 00:07:26
  • 00:07:31
  • 00:07:34
  • 00:07:36
  • 00:07:38
  • 00:07:40
  • 00:07:43
  • 00:07:46
  • 00:07:49
  • 00:07:51
  • 00:07:53
  • 00:07:56
  • 00:07:59
  • 00:08:01
  • 00:08:03
  • 00:08:05
  • 00:08:07
  • 00:08:10
  • 00:08:12
  • 00:08:15
  • 00:08:17
  • 00:08:19
  • 00:08:21
  • 00:08:24
  • 00:08:26
  • 00:08:28
  • 00:08:31
  • 00:08:34
  • 00:08:35
  • 00:08:37
  • 00:08:39
  • 00:08:42
  • 00:08:45
    so those are really important factors to
    to cover here
    and then going more into let's say a bit
    more technical details here so looking
    at the infrastructure functions and the
    software update so basically this talks
    about the infrastructure with what
    software updates are rolled out in
    campaigns how to manage also cyber
    security risk for an infrastructure how
    to manage the information on the
    infrastructure and how to distribute the
    packages as well as also together with
    the vehicles uh your targets for
    instance how do I manage failures of the
    software update campaign and things like
  • 00:09:28
  • 00:09:32
  • 00:09:34
  • 00:09:37
  • 00:09:39
  • 00:09:42
  • 00:09:43
  • 00:09:46
  • 00:09:49
  • 00:09:52
  • 00:09:55
  • 00:09:57
  • 00:09:59
  • 00:10:02
  • 00:10:04
  • 00:10:07
  • 00:10:09
  • 00:10:12
  • 00:10:14
  • 00:10:16
  • 00:10:19
  • 00:10:21
  • 00:10:24
  • 00:10:28
  • 00:10:30
  • 00:10:33
  • 00:10:35
  • 00:10:38
  • 00:10:40
  • 00:10:42
  • 00:10:45
  • 00:10:47
  • 00:10:49
  • 00:10:52
  • 00:10:53
  • 00:10:56
  • 00:10:58
  • 00:11:01
  • 00:11:03
  • 00:11:05
  • 00:11:07
  • 00:11:09
  • 00:11:11
  • 00:11:14
  • 00:11:17
    now um looking at
    um the the thing more from a cons
    constructive uh construction perspective
    so we started with chapters one two
    three with General points and uh which
    are pretty standard to to a lot of or
    all of ISO standards and then again
    looking at organizational level
    responsibilities for the organization
    looking at project level how is it that
    the project needs to be set up what
    needs to be taken care of in this
    special project for a software update
    and then looking at the infrastructure
    how is it does it need to be developed
    how is it handling the the emanating
    the software updates what has to be
    looked at from the vehicle and systems
    perspective how is my software update
    package really
    um doing what needs to be inside is it
    tested and then what it is and
    connecting again these these points and
    and rolling out preparing and rolling
    out the software update packages within
    this campaign until finalization
    so this is basically the the overview of
    of around about the requirements that
    will be in there all in all there is a
    let's say yeah some chapters have more
    requirements other chapters have not so
    many requirements but uh let's say most
    most requirements most chapters or
    descriptions are in the last one for the
    software update campaign but here again
    it connects a lot of dots and and also
    lives on the requirements that that have
    been described before in the other
    chapters kind of like tying everything
    together and making sure that you roll
    out a very good and solid sophisticated
    software update
    and that you have managed everything
    that's around it
    and then what we wanted to talk about
    here is also a bit about the
    similarities of the software update
    managing and and here the iso when it
    comes to cyber security management
    system functional safety but also
    information security management system
    because there's there are some examples
    where you can say oh yeah I know this
    already from this standard or based on
    that and then also with the references
    in within the iso 24089 this reference
    to other standards you can see okay
    there's really some some connection just
    needs to work together
    so of course we have the tailoring and
    also distributed activities if you
    tailor something away you need to have a
    rationale for why you're doing this and
    then maybe somebody else is doing that
    so leading also into distributed
    activities and figuring out who does
    what with uh with with which on let's
    say the project site who's responsible
    for what with this which is also very
    known to to be described and needs to be
    happening if you look at other standards
    then we look at preserving the Integrity
    of the software of course the Integrity
    of the software update package of the
    metadata so this is of course very
    important so is it also for having the
    software update packages for instance on
    the infrastructure and there you could
    have for instance connections to the
    isms or
    I.T security and things like that way
    say I have the security of the
    infrastructure covered and therefore I
    also take care of the software update
  • 00:14:59
  • 00:15:03
  • 00:15:05
  • 00:15:07
  • 00:15:10
  • 00:15:12
  • 00:15:16
  • 00:15:19
  • 00:15:21
  • 00:15:23
  • 00:15:26
  • 00:15:28
  • 00:15:32
  • 00:15:34
  • 00:15:36
  • 00:15:39
  • 00:15:41
  • 00:15:44
  • 00:15:47
  • 00:15:50
  • 00:15:52
  • 00:15:54
  • 00:15:56
  • 00:16:02
  • 00:16:05
  • 00:16:07
  • 00:16:09
  • 00:16:12
  • 00:16:15
  • 00:16:17
  • 00:16:20
  • 00:16:22
  • 00:16:24
  • 00:16:27
  • 00:16:29
  • 00:16:31
  • 00:16:33
  • 00:16:36
  • 00:16:38
  • 00:16:40
  • 00:16:42
  • 00:16:45
  • 00:16:46
  • 00:16:48
  • 00:16:50
  • 00:16:52
  • 00:17:00
  • 00:17:03
  • 00:17:05
  • 00:17:08
  • 00:17:11
  • 00:17:13
  • 00:17:15
  • 00:17:18
  • 00:17:20
  • 00:17:22
  • 00:17:25
  • 00:17:27
  • 00:17:29
  • 00:17:31
  • 00:17:34
  • 00:17:37
  • 00:17:39
  • 00:17:42
  • 00:17:45
  • 00:17:47
  • 00:17:49
  • 00:17:52
  • 00:17:55
  • 00:17:57
  • 00:18:00
  • 00:18:02
  • 00:18:06
  • 00:18:08
  • 00:18:10
  • 00:18:12
  • 00:18:14
  • 00:18:16
  • 00:18:19
  • 00:18:22
  • 00:18:24
  • 00:18:26
    then you have the product liability of
    course in looking at how am I liable to
    things that are happening to problems
    that are happening with my software
    update packages with my software update
    processes things like that so it really
    ask the question okay how am I
  • 00:18:44
  • 00:18:47
  • 00:18:50
  • 00:18:53
  • 00:18:57
    fulfill all the the legal requirements
    here because if I don't I might face a
    Salesman and I think that is really
    something that needs to be
    um needs to be covered here and needs to
    be considered when I figure out okay I
    have this I need to be compliant but I'm
    not so what are the results and how do I
    prevent this from happening
    so this is all in all a bit of an of an
    overview here on on let's say more more
    legal regulating
    aspects and and things that that need to
    be covered when we talk about a software
    update management system not So Much
    from the iso perspective but of course
    the the iso can support in Rolling
    certain things out and and meeting
  • 00:19:45
  • 00:19:48
  • 00:19:50
  • 00:19:52
  • 00:19:54
  • 00:19:56
  • 00:19:59
  • 00:20:02
  • 00:20:03
  • 00:20:05
  • 00:20:08
  • 00:20:11
  • 00:20:14
  • 00:20:16
  • 00:20:18
  • 00:20:20
  • 00:20:24
  • 00:20:27
  • 00:20:30
    um here's just a bit of an overview on
    what it is that we are that we're doing
    so we have the academy the Consulting
    and the Audits and assessments so
    various activities on what Osiris
    Consulting is doing for
  • 00:20:47
  • 00:20:49
  • 00:20:53
  • 00:20:56
  • 00:20:58
  • 00:21:00
  • 00:21:02
  • 00:21:04
  • 00:21:08
  • 00:21:11
  • 00:21:14
  • 00:21:16
  • 00:21:20
  • 00:21:22
  • 00:21:25
  • 00:21:27
  • 00:21:31
  • 00:21:36
  • 00:21:39
  • 00:21:42
  • 00:21:45
  • 00:21:48
  • 00:21:50
  • 00:21:52
    so thank you very much and thank you for
    your interest in the iso 24089 I hope I
    could really give you a short update on
    what it is that needs to be taken care
    of what are the requirements but also
    how this relates into the bigger picture
    of management system other standards and
    the regulation on how to manage and roll
    out software updates
    and with this I say thank you very much
    and wish you all the best and hope to
    see you soon at one of our events or
    maybe if um you have need for consulting
    or support always feel free to contact
    us in this regard and thank you very
    much and take care
