ISO/SAE 21434 poses new challenges for many companies in the automotive supply chain. Among other things, the standard requires the implementation of a Cybersecurity Management System (CSMS) as well as a Cybersecurity Life Cycle in the internal development process.
ISO/SAE 21434 is a companion to the functional safety standard ISO 26262 and there are numerous interfaces between the two. In particular, ISO 26262 describes the Safety Life Cycle. If both the cybersecurity life cycle and the safety life cycle are to be reflected in the internal development processes, it is important to eliminate inconsistencies and use synergies sensibly.
These additional considerations have extended key milestones in the development process, but they are necessary if the new standard is to be met. Our experts can help you at every stage.
Cybersecurity & Security for Safety (S4S) consultancy services from SGS
We offer a range of consulting services to help you meet the requirements of ISO/SAE 21434 on the process side. Naturally, we can also support you during product development to prepare your processes, and the products developed under them, for the necessary audits or assessments.
The following services can be provided on-site or virtually:
- Gap analysis (1-2 days)
  - Analysis of existing processes
  - Evaluation of conformity to ISO/SAE 21434
  - Definition of to-dos to close any open points
- Support for process implementation according to ISO/SAE 21434
  - Definition of work packages (based on the results of the gap analysis)
  - Creation of templates for the predefined work products of the standard
  - Support in the development of guidelines
  - Support in the implementation of a CSMS
  - Support in the implementation of a security culture
- Support during process audits
- Product-related services
  - Conducting/facilitating a hazard and risk analysis (TARA)
  - Evaluation of potential vulnerabilities and risk assessment
  - Workshops on attack tree analyses (ATAs)
  - Advice on the selection of security measures at system, hardware and software level
  - Support in the creation of the complete safety case
Cybersecurity testing services
Properly embedding cybersecurity requires a corresponding level of testing. SGS also offers a range of cybersecurity tests and assessments which are performed by colleagues who specialize in this area.
SGS and automotive cybersecurity & S4S
As an accredited body, SGS is at the forefront of cybersecurity and S4S standardization. We are a member of the European Public Private Partnership (PPP) for Cyber Security, the European Cyber Security Organization (ECSO) and the German Alliance for Cyber Security. Our multidisciplinary team is happy to share expertise with the automotive industry through our cybersecurity consulting service.