The increase in vehicle connectivity and automated cars brings with it an increase in the risk of cyber-attacks. ISO/SAE 21434 is a cybersecurity-specific standard that provides a structured process to ensure cybersecurity is embedded into automotive products throughout their lifetime.
To meet the requirements of ISO/SAE 21434, automotive manufacturers and suppliers must prove correct and complete implementation from development to the final product. SGS, as an accredited body for ISO/SAE 21434, can assist with the following services:
A process audit reviews the development process by checking for the existence of generic document templates, associated process descriptions, a cybersecurity management system (CSMS), an incident response process and a practiced security culture. The audit usually takes one to two days and is documented in an audit log. Anything that is found to be missing is then addressed, after which a technical report and, if required, a certificate are issued.
A product assessment evaluates the finished product’s capabilities to defend against cyberattacks through preventive measures, in accordance with ISO/SAE 21434. All the required product documentation is recorded and reviewed, and the results are documented and made available to the customer. Once again, there is an opportunity for any missing stages or documents to be addressed. After this, a technical report containing the final cybersecurity assessment is issued. A product certificate can also be acquired if needed.
Certification underlines your claim to have carried out a security assessment with the greatest possible independence. At the same time, it enables your customers to see the achieved level of embedded cybersecurity at a glance. The audit and assessment are largely a document check, in terms of form and content. The depth of the check is determined by the targeted Cybersecurity Assurance Level (CAL), which is agreed with you beforehand.
ISO/SAE 21434 also recommends the performance of dedicated tests, such as penetration testing and fuzz testing, for a cybersecurity assessment. We are happy to offer these if required.
SGS and automotive cybersecurity
SGS is the global leader in testing and verification services, and we are at the forefront of cybersecurity and S4S standardization. As such, we are perfectly placed to perform all the assessments, audits and certification services you need for cybersecurity standards, including ISO/SAE 21434.