Cybersecurity for Automotive Suppliers – New Requirements at VW

The Volkswagen Group has made cybersecurity compliance mandatory for suppliers.

One key element of the VW Group’s Formel Q Konkret requirements, subsection 1.1.7, introduces clear cybersecurity tasks for suppliers.

Suppliers must prove that they have a Cybersecurity Management System (CSMS) in place and that they comply not only with OEM-specific expectations but also with the requirements of the ISO 21434 standard.

📄 What is needed for contract signing?
As a prerequisite for contracts relating to a specific development site, the Formel Q requirements demand evidence of a successful audit according to ISO PAS 5112 for all cybersecurity-relevant software and hardware products, including modules.

What does ISO 21434 cover?

✅ Organization-wide cybersecurity governance
✅ Project-specific cybersecurity activities
✅ Cascading requirements in the supply chain
✅ Vulnerability management and incident response
✅ Cybersecure product development
✅ Post-production cybersecurity activities
✅ Protection during operation – e.g., software updates, field failure handling
✅ End-of-support and decommissioning – What risks emerge when a product no longer receives updates?


🔎 Tip: If you’re a supplier to the VW Group and haven’t yet addressed ISO 21434 or the audit requirements under ISO PAS 5112, now is the time to act.
