Thomas Kupfer - Consultant/Coach ISO/SAE 21434 / UNECE R-155

Q: Where is Thomas based?

Thomas is based in Bad Kissingen, Germany .

Q: What languages does Thomas speak?

Thomas speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Thomas have?

Thomas has at least 19 years of experience. During this time, Thomas has worked in at least 16 different roles and for 7 different companies . The average length of individual experience is 1 year and 10 months . Note that Thomas may not have shared all experience and actually has more experience.

Q: What is Thomas's latest experience?

Thomas's most recent position is Consultant/Coach ISO/SAE 21434 / UNECE R-155 at Tier 1 .

Q: What companies has Thomas worked for in recent years?

In recent years, Thomas has worked for Tier 1 , DQS GmbH , datenschutz cert GmbH , Tier 1 (Sweden / China) , and Tier 1 (England / Poland / Germany) .

Q: Which industries is Thomas most experienced in?

Thomas is most experienced in industries like Automotive , Professional Services , and Utility Services .

Q: Which business areas is Thomas most experienced in?

Thomas is most experienced in business areas like Quality Assurance (QA) , Product Development , and Information Technology (IT) . Thomas also has some experience in Audit , Operations , and Project Management .

Q: Which industries has Thomas worked in recently?

Thomas has recently worked in industries like Automotive , Professional Services , and Utility Services .

Q: Which business areas has Thomas worked in recently?

Thomas has recently worked in business areas like Quality Assurance (QA) , Product Development , and Audit .

Recommended expert

Bad Kissingen, Germany

Experience

Jan 2023 - Present

3 years 2 months

Consultant/Coach ISO/SAE 21434 / UNECE R-155

Tier 1

Support in setting up and expanding the cyber security process landscape according to ISO 21434 and UNECE R-155
Coaching the cybersecurity engineers
Combining requirements from ISO 21434 and TISAX into an integrated management system
Support in conducting the TARA
Support in developing the security concept
Support in developing the production process
Highest cybersecurity assurance level: CAL1
Project is carried out almost entirely from home office

Jun 2022 - Present

3 years 9 months

Auditor

DQS GmbH

Conducting audits according to ISO 9001 (quality management)
Conducting audits according to ISO 27001 (information security)
Conducting audits according to TISAX (information security)
Conducting audits according to IT security catalogue §11 paragraph 1a EnWG

Jun 2022 - Present

3 years 9 months

Auditor

datenschutz cert GmbH

Conducting audits according to ISO 27001 (information security)
Conducting audits according to IT security catalogue §11 paragraph 1a EnWG

Jan 2022 - Dec 2023

2 years

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

Tier 1 (Sweden / China)

Conducting coaching to achieve SPiCE Level 1 for software development processes SWE.1–SWE.3, Quality Assurance SUP.1 and SUP.8 Configuration Management
Training an employee to take on the role of quality assurance engineer
Creating templates for project management, quality assurance, and software development
Defining requirements for documents to be created under A-SPiCE
Highest A-SPiCE level: 1–2
Project is carried out entirely from home office

Jan 2020 - Dec 2021

2 years

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

Tier 1

Conducting coaching to achieve SPiCE Levels 1 and 2 for software development processes SWE.1–SWE.6 and Quality Assurance SUP.1
Co-Assessor for VDA scope processes and SYS.1 (Requirements Elicitation)
Highest A-SPiCE level: 1–2
Project was carried out entirely from home office

Jan 2020 - Dec 2021

2 years

Consultant/Coach A-SPICE – SQIL (Software Quality Improvement Leader)

Tier 1 (England / Poland / Germany)

Scope of activities within Automotive SPICE
Conducting internal A-SPICE Level 1 assessments based on the VDA scope for gap analysis in various projects and comparison with the VDA guidelines
Developing measures to achieve Level 1 for all processes within the VDA scope in the projects
Conducting incremental internal assessments
Coaching project teams through continuous re-assessments
Training a software quality engineer on the role of SQA, conducting assessments and requirements for individual processes
Reporting to the Quality Manager Europe
Highest safety integrity level in the project: ASIL QM(B)
Highest A-SPICE level: 1
Project was carried out entirely from home office

Jan 2020 - Dec 2020

1 year

Consultant for Cybersecurity

Tier 1

Analyzing customer requirements to determine needs
Introduction to cybersecurity based on ISO 27001 and ISO/SAE DIS 21434 standards
Training on automotive cybersecurity basics, contrasted with functional safety/cybersecurity, and on performing the Threat and Risk Analysis (TARA)
Highest cybersecurity assurance level: not defined

Jan 2020 - Dec 2020

1 year

Consultant for Functional Safety and Cybersecurity

Tier 1

Developing documentation for safety culture and suggestions for practical implementation
Creating a guideline for drafting the item definition for ISO 26262 and ISO/SAE DIS 21434, as well as providing further support in document preparation
Supporting the development of the security case for cybersecurity
Highest safety integrity level in the project: ASIL QM(B)
Highest cybersecurity assurance level: not defined
Project was conducted almost entirely from home office

Jan 2019 - Dec 2020

2 years

Consultant Functional Safety ISO 26262

Tier 1

Reviewing functional safety work results for completeness, correctness and consistency, and developing improvement suggestions
Assessing the organizational structure for the overall system's functional safety and proposing improvements
Contributing to gathering and deriving safety goals and requirements from the higher-level system safety analysis
Translating architectures into functional and timing diagrams
Developing safety paths and identifying ISO 26262 classification levels within the system software architecture
Developing a decomposition strategy for functional safety
Evaluating and aligning the SOTIF concept applied to the overall system (ISO PAS 21448 / ISO WD 21448 – SOTIF)
Building a sensor data catalog to assess environmental impacts on object detection and possible countermeasures
Matching the sensor data catalog with driving scenarios and operational design domains (SOTIF) to clarify the impact of SOTIF safety requirements on implementing safety goals
Highest safety integrity level in the project: ASIL D
Autonomous driving SAE level 4

Jan 2019 - Dec 2019

1 year

Consultant Functional Safety ISO 26262

Tier 1

Requirement-based personalized training for the safety manager regarding the OEM's requirements
Explaining the structure of the hazard and risk analysis
Clarifying the content requirements for the functional safety concept and ways to implement them
Showing the "red thread" from the safety goal to the component-level requirements
Describing component requirements in the context of each safety function
Deriving test requirements
Transferring the test requirements into the safety plan
Reviewing a hazard and risk analysis
Highest safety integrity level in the project: ASIL D
Coaching via Microsoft Teams

Jan 2019 - Dec 2019

1 year

Consultant for Cybersecurity and Functional Safety

Tier 1

Definition of requirements for designing a process to implement cybersecurity in the overall V-model based on ISO/SAE 21434, including detailed descriptions of each process step at the project level
Creation of a guideline for the cybersecurity process
Development of the necessary requirements for a TARA and proposal for implementation
Support in defining requirements for describing assumptions for a cybersecurity/safety element out of context
Support in defining methods to be applied for Cybersecurity Assurance Levels (CAL) (ISO 15408 / IEC 62443-3)
Mapping of checkpoints for documentation between the cybersecurity process and the functional safety process according to ISO 26262
Safety Integrity Level in the project: ASIL B
Cybersecurity Assurance Level: not defined

Jan 2018 - Dec 2018

1 year

Senior Process Consultant

OEM

Optimization of the type approval process for various divisions of a corporation with the objectives:
The process must be demonstrably implemented
Compliance requirements must be met
Handling the cross-cutting topic “Special Characteristics” (safety/approval relevance)
Advisory role on “Functional Safety” in other processes

Jan 2018 - Dec 2018

1 year

Functional Safety Manager ISO 26262

Tier 1

Development of a self-assessment for system, hardware, and software to identify gaps in the documentation of the functional safety process
Conducting document reviews
Training on how to conduct the self-assessment
Support in improving the process maturity of documents
Support in enhancing the content of technical safety concepts
Highest Safety Integrity Level in the project: ASIL D

Jul 2017 - Jul 2019

2 years 1 month

Technical Auditor

DQS GmbH

Reviewing completed audits for completeness, consistency, and correct execution
Reviewing audits for ISO 9001, ISO 27001, and combined ISO 9001 and ISO 27001 audits

Jan 2017 - Dec 2017

1 year

Release Manager for Functional Safety ISO 26262

Tier 1

Coaching the Safety Manager
Developing and integrating methods to improve system overview, system boundaries, and system workflows in the development process
Supporting the definition of subsystem boundaries for FMEA evaluation based on their interfaces for hazard and risk analysis
Reviewing documents for content completeness according to ISO 26262 requirements
Reviewing system FMEAs
Reporting
Highest Safety Integrity Level in the project: ASIL D
Distributed product development OEM/OES without defined system boundaries

Jan 2017 - Dec 2017

1 year

Functional Safety Manager ISO 26262

Tier 1

System analysis in the area of safety-related vehicle functions
Review of supplier documentation for safety verification and making the release decision
Optimization of compliance documentation according to ISO 26262
Highest Safety Integrity Level in the project: ASIL D
SOP: 07.2017

Jan 2015 - Dec 2016

2 years

Safety Manager / Functional Safety Engineer ISO 26262

Tier 1

Evaluation of a workflow from system development in the electronics area regarding its transferability to the design department
Advisory support in developing the item definition and the system requirements analysis, considering ISO 26262 and ISO 15504 (SPiCE) standards for a new product development
Preparation of planning documents (safety plan and related documents) for this new product development
Creation of impact analyses
Derivation of safety-related requirements for system, hardware, and software
Qualification of hardware components
Preparation of project documentation (hazard & risk analysis, functional safety concept, etc.)
Ad-hoc training of project participants
Coordination of relevant functional safety tasks within the team and with the project
Reporting
Highest Safety Integrity Level in the project: ASIL D

Jan 2013 - Dec 2014

2 years

Functional Safety Engineer ISO 26262

OEM

Review of functional safety documentation of various projects to ensure complete compliance with standard requirements, completeness, and consistency
Conducting functional safety assessments

Nov 2012 - Jul 2019

6 years 9 months

Auditor

DQS GmbH / DQS Bit GmbH

Conducting audits according to ISO 9001 (quality management)
Conducting audits according to ISO 27001 (information security)
Conducting audits according to ISO 27001 including the IT security catalog §11 para. 1a EnWG

Jan 2010 - Dec 2014

5 years

Functional Safety Engineer ISO 26262

OEM

Defining the system boundaries of subsystems to derive the necessary work packages for functional safety in collaboration with the involved departments
Consolidation and reconciliation of existing FMEAs as well as hazard and risk analyses to identify open issues
Conducting hazard assessments
Conducting hazard and risk analyses
Creation of the safety plan
Development of the functional and technical safety concept
Preparation of other required documentation
Determining test requirements for verification and validation of safety requirements
Checking test requirements for correct description in test catalogs
Reviewing test results for deviations and assessing them regarding safety relevance
Preparation of the safety case
Highest Safety Integrity Level in the project: ASIL C

Jan 2008 - Dec 2010

3 years

Functional Safety Engineer ISO 26262 / IEC 61508

Tier 1

Worked on the safety concept for an electric motor
Created project documents for the functional safety process
Derived safety-relevant requirements for the system, hardware, and software
Highest Safety Integrity Level in the project: ASIL C

Jan 2008 - Dec 2008

1 year

Functional Safety Engineer ISO 26262 / IEC 61508

Tier 1

Introduced the team to functional safety and trained them on the process flow and resulting requirements
Created a system and operations analysis
Analyzed the system FMEA to perform the hazard and risk analysis
Implemented the gathered data into the safety concept, which was approved after the final FSM assessment
Conducted according to IEC 61508

Jan 2005 - Dec 2005

1 year

Quality Management Representative

Tier 1

Established a quality management system according to ISO 9001
Integrated development processes based on the SPICE process maturity model (16 main software development processes) into the core processes
Achieved successful initial certification with no deviations
Provided ongoing successful support for the QMS over a total period of three years
Permanent employment

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Automotive (19 years), Professional Services (10.5 years), and Utilities (3.5 years).

Automotive

Professional Services

Utilities

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Quality Assurance (19 years), Product Development (17 years), Information Technology (7.5 years), Audit (5.5 years), Operations (4 years), and Project Management (2 years).

Quality Assurance

Product Development

Information Technology

Audit

Operations

Project Management

Skills

Process Management, Analysis, And Development
Quality Management – Iso 9001
Information Security Management Iso 27001 And Industry-specific Extensions
Tisax – Vda Isa
Cybersecurity Management Iso/sae 21434 / Unece R155
Business Continuity Management (Emergency Management) Iso 22301 / Bsi 200-4
Integration Of Management Systems And Process Models
Process Management, Analysis, And Development
Automotive Spice – Iso 3300x
Functional Safety Automotive – Iso 26262 / Sae J3061
Safety Of The Intended Functionality (Sotif) - Iso/sae 21448
Cybersecurity Automotive – Iso/sae 21434
Linking Automotive Development Processes
Software Quality Assurance

Languages

German

Native

English

Advanced

Education

Dipl.-Ing. in Telecommunications Engineering (FH) · Telecommunications engineering

Certifications & licenses

TeleTrust Professional for Secure Software Engineering

TeleTrust & TÜV Rheinland

Business Continuity Manager – Emergency Manager (BCM)

Bitkom Academy

Quality Assurance Management Professional (QAMP®)

iSQI GmbH – International Software Institute

Certified Tester (Foundation Level)

International Software Architecture Qualifications Board – ISTQB

Cybersecurity for Automotive SPiCE

intacs

ICO ISMS Foundation according to TISAX

ICO – International Certification Organisation AG

Certified Automotive Cyber Security Engineer (CSMS ISO/SAE 21434)

TÜV Nord

Automotive Security Combined Training: Security Technologies

Kugler Maag Cie GmbH

Practical Training SOTIF - Safety of the Intended Functionality

Kugler Maag Cie GmbH

Certified Automotive Cyber Security Professional

SGS-TÜV Saar

Certified Industry Cyber Security Professional

SGS-TÜV Saar

TÜV Rheinland Functional Safety Engineer (HW/SW Design)

TÜV Rheinland

Cyber Security according to IEC 62443-4 for components in industrial automation and control systems

TÜV Rheinland

Introduction to Cryptography and Data Security

ISITS AG / Ruhr University Bochum

Auditor ISO/IEC 27001 according to IT security catalogue §11 paragraph 1a EnWG

Suhm - Approval by Federal Network Agency – Recognized Certification

TÜV Rheinland Functional Safety Engineer (Automotive)

TÜV Rheinland

Software Quality Improvement Leader (SQIL)

Volkswagen

ISO/IEC 15504 Provisional Assessor (Automotive SPiCE)

intacs

ISO 27001 Lead Implementer (information security management) / ISO 27001 Lead Auditor (information security management)

Professional Evaluation and Certification Board – PECB

DQS Quality Auditor

German Society for Quality e.V.

Certified Professional for Software Architecture (Foundation Level)

International Software Architecture Qualifications Board – iSAQB

Certified Professional for Requirements Engineering (Foundation Level)

International Requirements Engineering Board – IREB

ISO/IEC TR 15504 Process Assessment (SPiCE)

intacs

Project Management Specialist

German Association for Project Management – GPM/IPMA

Test Track License Type B

ATP Automotive Testing Papenburg GmbH

Profile

Created

September 2023

Last Update

April 2025

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Thomas based?

Thomas is based in Bad Kissingen, Germany.

What languages does Thomas speak?

Thomas speaks the following languages: German (Native), English (Advanced).

How many years of experience does Thomas have?

Thomas has at least 19 years of experience. During this time, Thomas has worked in at least 16 different roles and for 7 different companies. The average length of individual experience is 1 year and 10 months. Note that Thomas may not have shared all experience and actually has more experience.

What roles would Thomas be best suited for?

Based on recent experience, Thomas would be well-suited for roles such as: Consultant/Coach ISO/SAE 21434 / UNECE R-155, Auditor, Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader).

What is Thomas's latest experience?

Thomas's most recent position is Consultant/Coach ISO/SAE 21434 / UNECE R-155 at Tier 1.

What companies has Thomas worked for in recent years?

In recent years, Thomas has worked for Tier 1, DQS GmbH, datenschutz cert GmbH, Tier 1 (Sweden / China), and Tier 1 (England / Poland / Germany).

Which industries is Thomas most experienced in?

Thomas is most experienced in industries like Automotive, Professional Services, and Utility Services.

Which business areas is Thomas most experienced in?

Thomas is most experienced in business areas like Quality Assurance (QA), Product Development, and Information Technology (IT). Thomas also has some experience in Audit, Operations, and Project Management.

Which industries has Thomas worked in recently?

Thomas has recently worked in industries like Automotive, Professional Services, and Utility Services.

Which business areas has Thomas worked in recently?

Thomas has recently worked in business areas like Quality Assurance (QA), Product Development, and Audit.

What is Thomas's education?

Thomas holds a Bachelor in Telecommunications engineering.

Does Thomas have any certificates?

Thomas has 25 certificates. Among them, these include: TeleTrust Professional for Secure Software Engineering, Business Continuity Manager – Emergency Manager (BCM), and Quality Assurance Management Professional (QAMP®).

What is the availability of Thomas?

Thomas is immediately available for suitable projects.

What is the rate of Thomas?

Thomas's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.