Cyber security risks for vehicles continuously increase with the adoption of automated driving and connected vehicles cybersecurity. The UNECE WP.29 cybersecurity regulation 155 mandates the implementation of a Cyber Security Management Systems (CSMS) for type approval, which requires Cybersecurity for OEM's vehicle to be continuously defined, monitored and improved along the supply chain and life cycle of a vehicle. Our Product Security Organisation Framework (PROOF), developed with our cooperation partner ESCRYPT offers a complete set of Tools, Templates and Services, to manage Cybersecurity holistically and compliant: From readiness checks to CSMS roll outs to risk-adequate vehicle security.