Thomas Kupfer

Consultant/Coach ISO/SAE 21434 / UNECE R-155

Bad Kissingen, Germany
Experience
Jan 2023 - Present
2 years 7 months

Consultant/Coach ISO/SAE 21434 / UNECE R-155

TIER 1

  • Support in building and expanding the cybersecurity process landscape according to ISO 21434 and UNECE R-155

  • Coaching of cybersecurity engineers

  • Merging requirements from ISO 21434 and TISAX into one integrated management system

  • Support in carrying out the TARA

  • Support in building the security concept

  • Support in setting up the production process

  • Highest Cybersecurity Assurance Level: CAL1

  • Project is carried out almost entirely from home office

Jun 2022 - Present
3 years 2 months
Frankfurt, Germany

Auditor

DQS GmbH

  • ISO 9001 – Quality management
  • ISO 27001 – Information security
  • TISAX – Information security
  • IT Security Catalog §11 para.1a EnWG
Jun 2022 - Present
3 years 2 months
Bremen, Germany

Auditor

datenschutz cert GmbH

  • ISO 27001 – Information security
  • IT Security Catalog §11 para.1a EnWG
Jan 2022 - Dec 2023
2 years
Sweden

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

TIER 1

  • Conducting coaching to reach SPiCE Level 1 for software development processes SWE.1-SWE.3, Quality Assurance (SUP.1) and Configuration Management (SUP.8)

  • Training an employee to take on the role of quality assurance engineer

  • Creating templates for project management, quality assurance and software development

  • Defining requirements for documents needed under A-SPiCE

  • Highest A-SPiCE Level: 1-2

  • Project is done entirely from home office

Jan 2020 - Dec 2021
2 years

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

TIER 1

  • Conducting coaching to reach SPiCE Level 1 and 2 for software development processes SWE.1-SWE.6 and Quality Assurance SUP.1

  • Co-assessor for processes in the VDA scope and SYS.1 (Requirements Elicitation)

  • Highest A-SPiCE Level: 1-2

  • Project was done entirely from home office

Jan 2020 - Dec 2021
2 years
United Kingdom

Consultant/Coach A-SPiCE – SQIL (Software Quality Improvement Leader)

TIER 1

Scope of activities under Automotive SPiCE:

  • Conducting internal A-SPiCE Level 1 assessments based on VDA scope for gap analysis in various projects and matching with VDA guidelines

  • Developing measures to reach Level 1 for all VDA scope processes in projects

  • Conducting incremental internal assessments

  • Coaching project teams through continuous re-assessments

  • Training a software quality engineer: role of SQA, conducting assessments and process requirements

  • Reporting to Quality Manager Europe

  • Highest Safety Integrity Level in project: ASIL QM(B)

  • Highest A-SPiCE Level: 1

  • Project was done entirely from home office

Jan 2020 - Dec 2020
1 year

Consultant for Cybersecurity

TIER 1

  • Analyzing customer requirements to determine needs

  • Introduction to cybersecurity based on ISO 27001 and ISO/SAE DIS 21434

  • Training: Basics of automotive cybersecurity with comparison of functional safety/cybersecurity and how to carry out Threat and Risk Analysis (TARA)

  • Highest Cybersecurity Assurance Level: Not defined

Jan 2020 - Dec 2020
1 year

Consultant for Functional Safety and Cybersecurity

TIER 1

  • Preparing documentation for safety culture and proposals for practical implementation

  • Creating guideline for item definition design for ISO 26262 & ISO/SAE DIS 21434 and further support in document creation

  • Support in building security case for cybersecurity

  • Highest Safety Integrity Level in project: ASIL QM(B)

  • Highest Cybersecurity Assurance Level: Not defined

  • Project is carried out almost entirely from home office

Jan 2019 - Dec 2020
2 years

Consultant Functional Safety ISO 26262

TIER 1

  • Reviewing functional safety deliverables for completeness, correctness, consistency and making improvement suggestions

  • Reviewing organization structure for system functional safety and making suggestions

  • Assisting in deriving safety goals and requirements from higher-level system safety analysis

  • Transforming architectures into function and timing diagrams

  • Defining safety paths and identifying ISO 26262 rating levels in system software architecture

  • Developing a decomposition strategy for functional safety

  • Reviewing and aligning SOTIF concept applied to the system (ISO PAS 21448 – ISO WD 21448 – SOTIF)

  • Building sensor data catalog to assess environmental impacts on object detection and possible countermeasures

  • Matching with driving scenarios and operational design domains (SOTIF) – clarifying “What do SOTIF safety requirements mean for safety goal implementation?”

  • Highest Safety Integrity Level in project: ASIL D

  • Autonomous driving SAE Level 4

Jan 2019 - Dec 2019
1 year

Consultant Functional Safety ISO 26262

TIER 1

  • Personalized requirements-based training for the safety manager on OEM requirements

  • Structure of hazard and risk analysis

  • Content requirements for the functional safety concept and implementation options

  • Showing the “red thread” from safety goal to component-level requirements

  • Describing component requirements for each safety function

  • Deriving test requirements

  • Integrating test requirements into the safety plan

  • Reviewing a hazard and risk analysis

  • Highest Safety Integrity Level in project: ASIL D

  • Coaching via Microsoft Teams

Jan 2019 - Dec 2019
1 year

Consultant for Cybersecurity and Functional Safety

TIER 1

  • Defining requirements for designing a process to implement cybersecurity in the overall V-model based on ISO/SAE 21434, including detailed description of each project-level step

  • Creating a guideline for the cybersecurity process

  • Drafting required TARA requirements and implementation suggestions

  • Supporting definition of requirements for assumptions in a Cybersecurity/Safety Element out of Context

  • Supporting definition of methods to apply for Cybersecurity Assurance Levels (CAL) (ISO 15408/IEC 62443-3)

  • Mapping documentation checkpoints between cybersecurity and functional safety processes per ISO 26262

  • Safety Integrity Level in project: ASIL B

  • Cybersecurity Assurance Level: Not defined

Jan 2018 - Dec 2018
1 year

Senior Process Consultant

OEM

  • Optimizing the type approval process for various sub-departments of a corporation with goals:
  • Process must be actively used and demonstrated
  • Compliance requirements must be met
  • Handling cross-cutting topic “Special Features” (safety/approval relevance)
  • Advising on functional safety in other processes
Jan 2018 - Dec 2018
1 year

Manager Functional Safety ISO 26262

TIER 1

  • Developing a self-assessment for system, hardware and software to uncover gaps in functional safety process documentation – document reviews

  • Training on conducting self-assessments

  • Supporting process maturity improvement of documents

  • Supporting development of technical safety concepts

  • Highest Safety Integrity Level in project: ASIL D

Jul 2017 - Jul 2019
2 years 1 month
Frankfurt, Germany

Technical Reviewer

DQS GmbH

  • Conducting technical reviews of audits for completeness, consistency and correct execution for ISO 9001, ISO 27001 & combined ISO 9001 & ISO 27001 audits
Jan 2017 - Dec 2017
1 year

Release Manager Functional Safety ISO 26262

TIER 1

  • Coaching the safety manager

  • Developing and integrating methods to improve system overview, boundaries and flows in the development process to define subsystems and evaluate them in FMEA based on hazard and risk analysis

  • Reviewing documents for content completeness against ISO 26262 requirements

  • Reviewing system FMEAs

  • Reporting

  • Highest Safety Integrity Level in project: ASIL D

  • Distributed product development OEM/OES, no defined system boundaries

Jan 2017 - Dec 2017
1 year

Manager Functional Safety ISO 26262

TIER 1

  • System analysis for safety-relevant vehicle functions

  • Reviewing supplier documentation for safety proof and making release decisions

  • Optimizing safety proof to ISO 26262

  • Highest Safety Integrity Level in project: ASIL D

  • SOP - 07.2017

Jan 2015 - Dec 2016
2 years

Safety Manager / Functional Safety Engineer ISO 26262

TIER 1

  • Reviewing a workflow from system development in electronics for transferability to the design department

  • Advising on item definition and system requirements analysis per ISO 26262 & ISO 15504 (SPiCE) for a new product

  • Preparing planning documents (safety plan, related docs) for the new product

  • Creating impact analyses

  • Deriving safety requirements for system, hardware and software

  • Qualifying hardware components

  • Creating project documentation (hazard & risk analysis, functional safety concept, etc.)

  • Conducting ad-hoc training for project participants

  • Coordinating functional safety tasks within the team and the project

  • Reporting

  • Highest Safety Integrity Level in project: ASIL D

Jan 2013 - Dec 2014
2 years

Functional Safety Engineer ISO 26262

OEM

  • Reviewing functional safety documentation of various projects for full compliance with standards, completeness and consistency
  • Conducting functional safety assessments
Nov 2012 - Jul 2019
6 years 9 months
Frankfurt, Germany

Auditor

DQS GmbH / DQS Bit GmbH

  • ISO 9001 – Quality management
  • ISO 27001 – Information security
  • ISO 27001 – Information security incl. IT Security Catalog §11 para.1a EnWG
Jan 2010 - Dec 2014
5 years

Functional Safety Engineer ISO 26262

OEM

  • Defining subsystem boundaries to derive required work packages for functional safety with involved teams

  • Merging and aligning existing FMEAs and hazard and risk analyses to identify open issues

  • Conducting hazard assessments

  • Conducting hazard and risk analyses

  • Creating the safety plan

  • Creating functional and technical safety concepts

  • Creating additional required documentation

  • Defining test requirements for verification and validation of safety requirements

  • Reviewing test requirements in test catalogs

  • Reviewing test results for deviations and evaluating safety relevance

  • Creating the safety case

  • Highest Safety Integrity Level in project: ASIL C

Jan 2008 - Dec 2010
3 years

Functional Safety Engineer ISO 26262 / IEC 61508

TIER 1

  • Working on safety concept for an electric motor

  • Creating project documents for functional safety process

  • Deriving safety requirements for system, hardware and software

  • Highest Safety Integrity Level in project: ASIL C

Jan 2008 - Dec 2008
1 year

Functional Safety Engineer ISO 26262 / IEC 61508

TIER 1

  • Introducing the team to functional safety and training them on process flow and resulting requirements

  • Creating system and operational analysis

  • Analyzing system FMEA to conduct hazard and risk analysis

  • Implementing data in the safety concept which was approved after final FSM assessment

  • Conducted based on IEC 61508

Jan 2005 - Dec 2005
1 year

QM Representative

TIER 1

  • Building a quality management system according to ISO 9001

  • Integrating development processes based on the SPICE model (16 main software development processes) into core processes

  • Successful first certification with no findings

  • Maintaining the QMS successfully over three years

  • Permanent employment

Summary

Technical focus "Information Security, Cybersecurity Management and Management Systems"

  • Process management, analysis, development
  • Quality management – ISO 9001
  • Information security management ISO 27001 and industry-specific extensions
  • TISAX – VDA ISA
  • Cybersecurity Management ISO/SAE 21434 / UNECE R155
  • Business Continuity Management (Emergency Management) ISO 22301 / BSI 200-4
  • Merging management systems and process models

Technical focus "Automotive development processes"

  • Process management, analysis, development
  • Automotive SPiCE – ISO 3300x
  • Automotive functional safety – ISO 26262 / SAE J3061
  • Safety of the intended functionality (SOTIF) – ISO/SAE 21448
  • Automotive cybersecurity – ISO/SAE 21434
  • Linking automotive development processes
  • Software quality assurance
Languages
German
Advanced
English
Advanced
Education

Dipl.-Ing. · Communications Engineering

Certifications & licenses

TeleTrusT Professional for Secure Software Engineering

TeleTrusT & TÜV Rheinland

Business Continuity Manager – Emergency Manager (BCM)

Bitkom Academy

Quality Assurance Management Professional (QAMP®)

iSQI GmbH – International Software Institute

Certified Tester (Foundation Level)

International Software Architecture Qualifications Board – ISTQB

Cybersecurity for Automotive SPiCE

intacs

ICO ISMS Foundation according to TISAX

ICO – International Certification Organisation AG

Certified Automotive Cyber Security Engineer (CSMS ISO/SAE 21434)

TÜV Nord

Automotive Security Combined Training: Security Technologies

Kugler Maag Cie GmbH

Practical Training SOTIF - Safety of the Intended Functionality

Kugler Maag Cie GmbH

Certified Automotive Cyber Security Professional

SGS-TÜV Saar

Certified Industry Cyber Security Professional

SGS-TÜV Saar

TÜV Rheinland Functional Safety Engineer (HW/SW Design)

TÜV Rheinland

Cyber Security according to IEC 62443-4 for Components in Industrial Automation and Control Systems

TÜV Rheinland

Introduction to Cryptography and Data Security

ISITS AG / Ruhr University Bochum

Auditor ISO/IEC 27001 according to IT Security Catalog §11 para. 1a EnWG

Suhm – Approval by Federal Network Agency

TÜV Rheinland Functional Safety Engineer (Automotive)

TÜV Rheinland

Software Quality Improvement Leader (SQIL)

Volkswagen

ISO/IEC 15504 Provisional Assessor (Automotive SPiCE)

intacs

ISO 27001 Lead Auditor (Information Security Management)

Professional Evaluation and Certification Board – PECB

ISO 27001 Lead Implementer (Information Security Management)

Professional Evaluation and Certification Board – PECB

DQS Auditor Quality

German Society for Quality e.V.

Certified Professional for Software Architecture (Foundation Level)

International Software Architecture Qualifications Board – iSAQB

Certified Professional for Requirements Engineering (Foundation Level)

International Requirements Engineering Board – IREB

ISO/IEC TR 15504 Process Assessment (SPiCE)

intacs

Project Management Professional

German Association for Project Management – GPM/IPMA

Test Field License Type B

ATP Automotive Testing Papenburg GmbH
