Insight: Proposing HEAVENS 2.0 – an automotive risk assessment model

Winners Consulting Services Co., Ltd. identifies HEAVENS 2.0 as the vehicle risk assessment model that most closely aligns with ISO/SAE 21434 standards. The research team systematically identified 17 model updates (12 to address compliance gaps and 5 to remediate weaknesses), fully aligning the original HEAVENS framework with the mandatory requirements of UN R155. For Taiwanese automotive supply chain companies evaluating TISAX certification or an ISO/SAE 21434 implementation path, this research provides a direct gap analysis checklist that should be prioritized within a 7 to 12-month compliance implementation cycle.

Paper Source: Proposing HEAVENS 2.0 – an automotive risk assessment model (Almgren, Magnus; Lautenbach, Aljoscha; Olovsson, Tomas, arXiv, 2021)
Original Link: https://doi.org/10.1145/3488904.3493378

About the Authors and This Research

This paper was co-authored by Magnus Almgren, Aljoscha Lautenbach, and Tomas Olovsson, cybersecurity researchers at Chalmers University of Technology in Sweden. Chalmers University has a long-standing focus on European automotive cybersecurity standards research, and its team has a solid academic foundation in automotive embedded systems security and communication protocol analysis. Since its publication in 2021, this paper has accumulated 33 citations as of the evaluation date, with 6 considered high-impact, indicating its significant reference value in discussions surrounding the ISO/SAE 21434 compliance framework.

The research background is particularly noteworthy: the HEAVENS (Higher Education and Automotive Vehicle and Environment Network Security) model was initially proposed by Swedish research institutions to provide a risk assessment process suitable for the automotive industry. However, with the official release of ISO/SAE 21434 in August 2021 and the mandatory enforcement of UN R155 (under the UNECE WP.29 framework) for new vehicle types starting in July 2022, the original HEAVENS model could no longer fully meet the latest regulatory requirements in several aspects. This was the core motivation for Almgren and his colleagues to propose HEAVENS 2.0.

Key Insights of HEAVENS 2.0: 17 Updates to Bridge the Standards Gap

The study's core contribution is the establishment of a systematic gap analysis method and a concrete model upgrade path. The research team did not merely describe the problems but translated each gap into an actionable model update, forming the complete architecture of HEAVENS 2.0.

Key Finding 1: 12 Compliance Gap Updates Directly Addressing ISO/SAE 21434 Requirements

The research team conducted a clause-by-clause comparison of the ISO/SAE 21434 requirements for Threat Analysis and Risk Assessment (TARA), identifying significant gaps in the original HEAVENS model. These gaps were found in the attack feasibility rating methodology, the definition process for Cybersecurity Goals, the documentation requirements for Risk Treatment Decisions, and the separate handling of Damage Scenarios and Threat Scenarios. These 12 updates are not superficial revisions; they are critical elements that directly affect a company's ability to pass UNECE WP.29 type approval audits.

Key Finding 2: 5 Weakness Remediations to Strengthen the Original HEAVENS Methodology

In addition to compliance gaps, the research team proactively identified methodological weaknesses within the HEAVENS model itself and proposed 5 additional updates. These weaknesses include the lack of consideration for multi-step attack chains in attack path assessment, an over-reliance on subjective judgment in risk severity rating without structured baselines, and the model's inadequacy in multi-tiered supply chain scenarios (Tier 1/Tier 2 division of labor). For Taiwanese suppliers, the third point is particularly crucial—Taiwan's automotive supply chain is known for its multi-tiered structure, and any threat analysis framework that cannot effectively handle cross-tier responsibility boundaries will face significant implementation challenges.

Key Finding 3: The Strategic Importance of HEAVENS 2.0 for Mandatory UN R155 Compliance

The paper explicitly states that UN R155 (the vehicle cybersecurity regulation under the UNECE WP.29 framework) is expected to be adopted into the national laws of 54 countries within three years and will also apply to autonomous vehicles. ISO/SAE 21434 is widely regarded as the primary technical path to meet UN R155 requirements. Therefore, the strategic value of HEAVENS 2.0, as a risk assessment model fully compliant with ISO/SAE 21434, is that companies can directly adopt it as a TARA implementation tool to achieve the dual compliance objectives of both ISO/SAE 21434 and UN R155.

Three Key Implications for Automotive Cybersecurity Practices in Taiwan

The release of HEAVENS 2.0 has direct practical significance for Taiwanese automotive supply chain companies, especially where TISAX certification and ISO/SAE 21434 compliance work intersect.

Implication 1: Existing TARA Tools Require a Conformity Assessment

Many Taiwanese Tier 1 and Tier 2 suppliers currently use Threat Analysis and Risk Assessment tools based on the original HEAVENS or similar early models, which may have systematic gaps when facing an ISO/SAE 21434 audit. The 17-item update list from HEAVENS 2.0 can serve as a self-assessment checklist for companies. It is recommended to verify whether existing TARA processes cover these updates before initiating the TISAX certification process.

Implication 2: UN R155 Compliance Pressure is Cascading from OEMs to the Supply Chain

The UNECE WP.29's UN R155 regulation requires the demonstration of a complete vehicle risk assessment process during type approval audits. If Taiwanese suppliers cannot provide TARA documentation that complies with the ISO/SAE 21434 standard, they face the risk of being required to submit additional documents or having their procurement quotas reduced by European and Japanese customers. As an industry-validated framework, HEAVENS 2.0 can help suppliers establish an internationally credible documentation system.

Implication 3: A Clearer Integration Path for TISAX Certification and ISO/SAE 21434

Although TISAX (Trusted Information Security Assessment Exchange) certification focuses on information security management, its AL 3 level (for highly sensitive assets like vehicle prototypes) explicitly requires vehicle cybersecurity engineering practices corresponding to ISO/SAE 21434. Implementing HEAVENS 2.0 can serve as a concrete tool for companies to strengthen their TARA capabilities in preparation for the TISAX AL 3 assessment, creating synergistic benefits between TISAX certification and UN R155 compliance.

How Winners Consulting Services Helps Taiwanese Companies Implement the HEAVENS 2.0 Framework

Winners Consulting Services Co., Ltd. assists Taiwanese automotive supply chain companies in obtaining TISAX certification, implementing the ISO/SAE 21434 standard, and complying with UNECE WP.29 vehicle cybersecurity regulations. For the specific implementation of HEAVENS 2.0, we recommend that Taiwanese companies follow this three-step action plan to establish standard-compliant TARA capabilities within 7 to 12 months:

  1. Months 1-3 — Current State Gap Diagnosis: Using the 17-item update list from HEAVENS 2.0 as a baseline, conduct a clause-by-clause assessment of the existing TARA process's coverage to identify high-risk gaps for priority remediation. Focus on the attack feasibility rating mechanism and the damage scenario definition method, as these two areas most frequently exhibit systematic deficiencies among Taiwanese suppliers.
  2. Months 4-8 — Model Implementation and Documentation Building: In accordance with ISO/SAE 21434's TARA requirements, progressively integrate the HEAVENS 2.0 updates into the company's existing risk management processes. Concurrently, establish a documentation system that meets TISAX audit requirements, ensuring every risk treatment decision has a traceable record.
  3. Months 9-12 — Validation and Establishment of a Continuous Improvement Mechanism: Through internal audits and mock reviews, verify that the updated TARA process can fully address the audit requirements of UN R155 type approval. Establish Key Performance Indicators (KPIs) to track TARA execution quality, ensuring that compliance capabilities are maintained through organizational changes or product line expansions.

Winners Consulting Services Co., Ltd. offers a free automotive cybersecurity mechanism diagnosis to help Taiwanese companies establish a TISAX-compliant management system within 7 to 12 months and ensure their TARA process fully aligns with ISO/SAE 21434 and UN R155 requirements.

Frequently Asked Questions

What are the key differences between HEAVENS 2.0 and the original version? Do companies need to completely rebuild their existing TARA processes?
The most critical difference in HEAVENS 2.0 is its full alignment with 12 new requirements for Threat Analysis and Risk Assessment (TARA) from ISO/SAE 21434, plus the remediation of 5 methodological weaknesses, totaling 17 model updates. Companies do not need to completely rebuild their TARA processes; instead, they should start with a gap analysis to identify which updates are already covered. Research shows the most commonly overlooked gaps are structured methods for attack feasibility rating, the separate handling of damage and threat scenarios, and documentation requirements for risk treatment decisions. Prioritizing these three areas allows for a rapid increase in TARA compliance without significantly overhauling the existing framework.

What are the most common compliance challenges for Taiwanese automotive suppliers when implementing ISO/SAE 21434?
Taiwanese suppliers commonly face three main challenges when implementing ISO/SAE 21434. First, unclear cybersecurity responsibility boundaries between departments, especially the lack of institutionalized TARA collaboration processes among R&D, quality assurance, and cybersecurity teams. Second, the absence of a documented mechanism for cascading cybersecurity requirements in multi-tiered supply chains (Tier 1 to Tier 2), making it difficult to pass customer audits. Third, existing engineering documents often do not directly map to the Cybersecurity Goal format required by the standard, necessitating extensive supplementary work. Since UN R155 requires complete TARA documentation for type approval, these challenges directly impact suppliers' export business. It is advisable to institutionalize cross-departmental collaboration processes before initiating TISAX certification.

What are the core requirements of TISAX certification, and how should Taiwanese companies plan the implementation steps and timeline?
TISAX (Trusted Information Security Assessment Exchange) is the European automotive industry's information security assessment and exchange mechanism, led by the German VDA and based on the VDA ISA questionnaire with three assessment levels (AL 1, AL 2, AL 3). For suppliers handling vehicle prototypes or highly sensitive data, the AL 3 assessment explicitly requires automotive cybersecurity engineering practices corresponding to ISO/SAE 21434. A recommended timeline for Taiwanese companies is: months 1-3 for current state assessment and gap analysis; months 4-6 to establish or enhance the information security management system; months 7-9 for internal mock audits and document preparation; and months 10-12 to apply for the official TISAX assessment. The full implementation cycle typically takes 9 to 12 months, depending on the company's size and existing maturity.

How many resources are required to implement HEAVENS 2.0 and ISO/SAE 21434, and how can the expected benefits be quantified?
The resources required vary significantly by company size and maturity, but a mid-sized Tier 1 supplier (200-500 employees) typically needs to allocate 1-2 full-time automotive cybersecurity engineers and an implementation timeline of 6-9 months. The expected benefits can be quantified in three ways: First, reducing the risk of customer audit failures due to non-compliant TARA documentation, as European OEMs now include ISO/SAE 21434 compliance in procurement contracts. Second, TISAX certification grants access to the qualified supplier lists of European automotive clients, shortening business qualification cycles. Third, a systematic risk assessment process significantly lowers the cost of fixing security issues found during development compared to post-production recalls. It's best to view implementation costs as a market access investment rather than a mere compliance expense.

Why choose Winners Consulting Services for automotive cybersecurity (AUTO) issues?
Winners Consulting Services Co., Ltd. specializes in automotive cybersecurity, offering integrated services for ISO/SAE 21434 implementation, TISAX certification guidance, and UNECE WP.29 regulatory consulting. Our team combines practical automotive engineering experience with cybersecurity expertise to provide actionable compliance roadmaps tailored to the operational context of Taiwan's supply chain. We use a structured gap analysis methodology to pinpoint precise discrepancies between existing processes and the ISO/SAE 21434 standard, preventing resource waste on unnecessary overhauls. With our guidance, companies can establish an internationally credible TARA documentation system and cybersecurity management framework within 7 to 12 months, directly meeting the audit requirements of major European and Japanese automakers.
