
Software Update Management System (SUMS)

Under UNECE R156, manufacturers must establish and operate a Software Update Management System (SUMS) that governs how software and data updates are planned, packaged, approved, delivered, verified, recorded, and continuously improved throughout the vehicle lifecycle.

Purpose

The SUMS ensures updates are performed securely, consistently, and traceably. It provides organizational capability (policies, roles, competence, tool control) and objective evidence that each campaign is executed under controlled processes. SUMS works alongside the CSMS (R155) and the engineering practices of ISO 24089.

Core Elements of a SUMS

  • Policy & Scope – documented intent, applicability (vehicle categories, ECUs, data types).
  • Governance & Roles – accountable owners, approvals, segregation of duties.
  • Process Set – planning, risk review, packaging/signing, rollout, validation, rollback, records.
  • Toolchain Control – approved build/packaging/signing tools; access and change control.
  • Key & Credential Management – generation, storage (HSM), rotation, revocation procedures.
  • Evidence & Records – end-to-end traceability for audits and type approval.
  • Continuous Improvement – KPIs, audits, lessons learned, corrective/preventive actions.

Governance & Approvals

  • Change authority: define who approves update content, eligibility, dependencies, and risk acceptance.
  • Segregation of duties: separate package authors, signers, and approvers; enforce dual control for keys.
  • Readiness gates: security review, functional safety impact (ISO 26262), compliance checks (R155, R10).

Process Overview (End-to-End)

  1. Plan – define scope, affected items/VINs, risk analysis, comms plan, rollback criteria.
  2. Package – build artifacts, generate metadata/SBOM, sign packages, record hashes and versions.
  3. Approve – complete quality and security gates; freeze artifacts and campaign dossier.
  4. Deliver – OTA or service-tool deployment with eligibility checks and anti-rollback.
  5. Verify – post-install checks, functional and safety validations, telemetry health KPIs.
  6. Record – store who did what, when and where, together with the outcome, per VIN and per software item.
  7. Improve – analyze outcomes, incidents, and metrics; update processes and training.

Security Requirements (Chain of Trust)

  • Authenticity & Integrity: signed packages; verification on the vehicle and backend.
  • Eligibility: apply only to authorized VINs/ECUs/configurations; check prerequisites and dependencies.
  • Anti-rollback: version monotonicity and secure counters/fuses as applicable.
  • Secure Storage: protect keys, credentials, and sensitive metadata (HSM/secure elements).
  • Provenance: reproducible builds where feasible; track source and tool versions.
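The chain-of-trust checks listed above (and the hash recording of the Package step in the process overview) can be exercised in a single on-vehicle verification routine. The following Go code is an added, constructed example, not code from the page or from any OEM toolchain: the manifest layout, the field names and the VIN/ECU values are hypothetical, and the installed version number stands in for a hardware-backed monotonic counter.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a constructed, hypothetical metadata layout for one update
// package; R156 does not prescribe a format.
type Manifest struct {
	Target      string          `json:"target"`   // ECU the package applies to
	Version     uint32          `json:"version"`  // must increase monotonically
	Eligible    map[string]bool `json:"eligible"` // VINs authorized for this campaign
	ArtifactSHA string          `json:"sha256"`   // hex SHA-256 of the firmware image
}

// NewManifest records the artifact hash in the metadata (Package step).
func NewManifest(target string, version uint32, vins map[string]bool, artifact []byte) ([]byte, error) {
	sum := sha256.Sum256(artifact)
	return json.Marshal(Manifest{Target: target, Version: version,
		Eligible: vins, ArtifactSHA: hex.EncodeToString(sum[:])})
}

// VerifyUpdate is the on-vehicle gate: signature first, then (after parsing)
// integrity, eligibility and anti-rollback; installed stands in for a secure counter.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig, artifact []byte,
	vin, ecu string, installed uint32) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return errors.New("authenticity: manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return fmt.Errorf("manifest parse: %w", err)
	}
	if sum := sha256.Sum256(artifact); hex.EncodeToString(sum[:]) != m.ArtifactSHA {
		return errors.New("integrity: artifact hash does not match manifest")
	}
	if m.Target != ecu || !m.Eligible[vin] {
		return fmt.Errorf("eligibility: package not authorized for %s/%s", vin, ecu)
	}
	if m.Version <= installed {
		return fmt.Errorf("anti-rollback: version %d not newer than installed %d", m.Version, installed)
	}
	return nil
}
```

In production the signing key would stay inside the backend HSM and only the public key would be provisioned to the ECU; the vehicle-side counter would be advanced only after a successful install.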

Campaign Management

  • Rollout strategy: canary cohorts → phased expansion; pause/resume on thresholds.
  • Dealer & Customer Comms: instructions, risks, expected time, safety notes.
  • Dependencies: handle inter-ECU order, power/charging conditions, network coverage.
  • Rollback/Abort: criteria, automation hooks, and incident linkage if triggered.

Post-Update Validation & Monitoring

  • Success criteria: acceptance tests, ECU health, DTC checks, performance metrics.
  • Telemetry: capture outcome, error codes, retry rates; integrity-protected logs.
  • Issue handling: PSIRT tie-in (R155); corrective follow-up packages if needed.
  • Feedback loop: feed lessons learned into SUMS/CSMS, TARA updates, and test depth.

Traceability & Records

Maintain end-to-end traceability from source change to in-field result:

  • Change request ⇄ commit/build ⇄ package/signature ⇄ campaign ⇄ VIN/ECU result.
  • Records: timestamps, approvers, tool versions, hashes, eligibility decisions, rollback/abort logs.
  • Retention: align with regulatory and corporate policies; protect logs against tampering.

KPIs & Continuous Improvement

  • Success rate, MTTR for corrective updates, retry/abort rates, post-update incident rate.
  • Gate effectiveness (defects found pre-rollout vs. post-rollout), signing/verification failures.
  • Audit findings and CAPA status; training coverage for roles in the SUMS.

Typical SUMS Outputs / Evidence

  • SUMS policy & description (scope, governance, roles, KPIs, improvement cycle).
  • Approved procedures: planning, packaging/signing, approvals, rollout, validation, rollback.
  • Key/credential management docs; HSM configuration/attestations; access control records.
  • Toolchain inventory & approvals; change control for scripts/pipelines.
  • Campaign dossiers: eligibility rules, dependencies, comms materials, risk assessments.
  • Post-update validation plans & results; telemetry dashboards and archived logs.
  • Per-VIN update records; rollback/abort evidence; lessons-learned and CAPA logs.

Disclaimer: This page summarizes SUMS expectations under UNECE R156. For authoritative requirements, consult the official regulation text and your approval authority’s guidance.