We combine ASPICE and Cybersecurity in one seamless framework

Ensure your product and processes are compliant with Automotive and Cybersecurity regulations and standards

Through the Software Defined Vehicle concept, Cybersecurity plays a significant role in vehicle safety, ensuring privacy and availability of systems. However, Cybersecurity no longer applies to Embedded Software systems alone. The recent UNECE regulations require that car manufacturers must implement management systems and have them audited for Cybersecurity by independent parties 

As part of our services, we design and deploy CySec processes and analyse the existing ones. We support the development of Embedded Software products according to the current Automotive and Cybersecurity regulations and standards. We also design and implement Cyber-software features. 


Cybersecurity process design and engineering services

Our services range from performing Automotive Cybersecurity analyses and audits to designing and developing security solutions and processes. 


CSMS Process

  • CSMS strategy
  • Gap analysis and improvements
  • CSMS process design, definition and deployment
  • CSMS pilot projects execution
  • Tooling selection and adaptation

Product Development

  • Cybersecurity analyses, such as TARA, VA acc. to ISO21434
  • Cybersecurity Concept definition
  • System and software development compliant with ISO21434/UN R155
  • Project Cybersecurity management
  • Compiling Cybersecurity specifications
  • Embedded testing (fuzzy, pentests, static)
  • Backend pentests
  • Software update or software update management system (SUMS, R156)

Development and Test Environment

  • Design and implementation of a development environment compliant with ASPICE, Cybersecurity and Functional Safety requirements
  • Definition and implementation of KPI measurement
  • Cybersecurity tooling integration and adoption to existing CI/CD

How we do it

Our unified approach merges the ASPICE framework and Cybersecurity requirements of ISO 21434 and UNECE regulations, which in most Automotive software development projects go hand in hand. We established the process based on our internal FOTA project.  

Our work process is designed to meet your unique needs

We approach each client case individually, adjusting our process to specific needs. By understanding the unique challenges and objectives of every project, we can deliver the best results possible. Our team of experts collaborates closely with clients, fostering a transparent and communicative partnership.



  • Senior engineers
  • Domain experts
  • Highly flexible

Laptop or VDI access to customer environment (usually 1-2 weeks)


Work package

  • Closed work package handled by Spyrosoft
  • Set of experts needed to deliver the work package

Communication channels, access to experts, project handbook, process definition (usually 2-3 weeks)



  • Identify work packages plan and ensure execution and compliance with international or customer standards

Communication channels, access to experts, project handbook, process definition (start with key experts in 2-3 weeks, full team within 1 month)


What makes us a reliable partner?

  1. 3-5 years of experience in the field of Cybersecurity in Embedded Systems

  2. In-depth knowledge of ISO 21434, TISAX and 27k1

  3. One, integrated framework for ASPICE, FUSA and Cybersecurity

  4. Custom-fit approach to each client

Meet our experts

Tomasz Lokietek
Head of Embedded Functional Safety and Cybersecurity

I am a certificated Automotive Consultant with over 15 years of experience in the computer software industry. I have extensive experience in Kaizen, Electronics, Automotive, R&D and Manufacturing gained by working with leading IT companies in Europe. I am also an accomplished professional with an executive MBA focused in Business Administration, Management and Operations from Polish Open University. At Spyrosoft, I support key clients from the Automotive business unit in implementing Functional Safety solutions.

Tomasz Lokietek

Meet our experts

Karol Zagrodzki
Embedded Security Engineer

I am a certified Automotive Cybersecurity Engineer with a background in Embedded C. I have extensive experience in Cybersecurity processes, including performing Threat and Risk Assessments (TARAs) and developing Cybersecurity Concepts for embedded systems. Additionally, I am proficient in designing security solutions both within and outside developed ECUs, employing cryptography and other security principles.

Meet our experts

Srikanth Pulluri
Senior Cybersecurity Manager

I have worked as a Cybersecurity Subject Matter Expert (SME) with hands-on experience in Embedded Security Design and Development, using Embedded C. I also have experience in Requirements Engineering and have served as the Single Point of Contact (SPOC) for customers regarding technical topics. I’ve managed multiple components (ECUs) for end-to-end Cybersecurity Lifecycle activities and have practical experience in team management, Cybersecurity planning, and execution.


Project FOTA

FOTA is our internal project, which aims to achieve the Cybersecurity work products implementation framework as per the CSMS process, in compliance with ISO 21434 and Spyrosoft-specific policies and procedures, also seamlessly merged with ASPICE.

FOTA demonstrates that it’s possible to create a unified process that can serve customer-specific needs and leads to achieving the required protection, while meeting all the industry-specific requirements.

Contact us

Ensure your project and processes follow the ASPICE standard and meet the Cybersecurity requirements of ISO 21434 and UNECE

Tomasz Lokietek

Tomasz Lokietek

Head of Embedded Functional Safety and Cyber Security

    Spyrosoft collects the above data to contact you in order to process your inquiry. You can opt out of communication at any time. More information can be found in our Privacy Policy.