CYBER AND INFORMATION SECURITY SERVICE PACKAGE
ISO/SAE 21434 Standard: The Foundation of a New Era in Automotive Cybersecurity
Automotive Cybersecurity
In the modern automotive industry, cybersecurity is becoming increasingly important as cars become more connected to networks and employ more complex technologies. The ISO/SAE 21434 standard aims to provide comprehensive guidance on managing the cybersecurity processes for vehicles, ensuring their integrity, confidentiality, and availability. Our Automotive Cybersecurity services highlight the significance, objectives, and application areas of the ISO/SAE 21434 standard, with particular focus on the UN R155 and UN R156 regulations.
The Role of UN R155 and UN R156
The UN R155 and UN R156 regulations are part of the regulatory framework of the UNECE (United Nations Economic Commission for Europe) and define the cybersecurity and software update requirements for vehicle type approval:
- UN R155 (Cyber Security and Cyber Security Management System): This regulation requires vehicle manufacturers to operate a Cyber Security Management System (CSMS) that covers the vehicle throughout its lifecycle (development, production and post-production), and to demonstrate at type approval that the vehicle type is protected against the threats listed in the regulation's annex. UN R155 does not prescribe a particular standard, but ISO/SAE 21434 is the recognised engineering reference for building a CSMS that satisfies it.
- UN R156 (Software Update and Software Update Management System): This regulation defines the requirements for a Software Update Management System (SUMS), covering the secure and controlled delivery of software updates, including over-the-air updates, and the identification of the software configuration installed on a vehicle (RxSWIN).
These regulations are also key requirements for the homologation of vehicles and vehicle components.
The ISO/SAE 21434 standard and the UN R155 and UN R156 regulations together provide a comprehensive cybersecurity and software management framework for vehicles, essential for the safe operation of modern vehicles.
Objectives of the ISO/SAE 21434 Standard
The main objectives of the ISO/SAE 21434 standard include:
- Managing Cybersecurity Risks: The standard provides guidance for identifying, assessing, and treating cybersecurity risks throughout the vehicle's lifecycle, using a threat analysis and risk assessment (TARA) methodology.
- Deriving Security Requirements: It defines the process by which cybersecurity goals and requirements for an item or component are derived from the risk assessment, so that appropriate protective measures are specified and verified; it does not itself prescribe specific technical controls.
- Integrating Development Processes: It requires cybersecurity considerations to be integrated into vehicle development processes, including concept, design, development, verification, validation, production, operation, maintenance and decommissioning.
- Promoting a Cybersecurity Culture: It promotes increased cybersecurity awareness and the establishment of a cybersecurity culture within automotive organizations.
Application Areas
The ISO/SAE 21434 standard applies broadly across various segments of the automotive industry:
- Vehicle Manufacturers: The standard offers guidelines for integrating cybersecurity requirements into vehicle design and development processes.
- Suppliers: It defines how suppliers adhere to appropriate cybersecurity requirements during the development of vehicle components and systems, including the cybersecurity interface agreements between customer and supplier.
- Service Providers: For service providers such as telematics and software developers, the standard gives a framework for introducing cybersecurity measures into their services.
- Authorities: The standard provides a foundation for developing and applying national and international cybersecurity regulations.
Steps for ISO/SAE 21434 Certification:
To achieve ISO/SAE 21434 certification, a company typically follows these steps, with comprehensive consulting and certification tasks supported by QTICS Automotive Plc.:
- Gap Analysis: The company identifies its current cybersecurity practices and processes and compares them with the ISO/SAE 21434 requirements to identify any gaps to be addressed before certification.
- Training and Awareness: Employees receive training and awareness programs to understand the importance and requirements of ISO/SAE 21434, ensuring everyone in the company is aware of the cybersecurity measures.
- Implementation: The company implements the necessary cybersecurity measures and practices based on the ISO/SAE 21434 requirements, including the deployment of cybersecurity tooling, a software update process, and incident management plans.
- Documentation: Detailed documentation of all cybersecurity processes and measures is prepared for review during the certification audit.
- Internal Audit: The company conducts an internal audit to evaluate the effectiveness of the cybersecurity measures and compliance with ISO/SAE 21434.
- Pre-Assessment: The pre-assessment gauges the organization's readiness for the official certification audit. Any issues identified during the pre-assessment are addressed.
- Certification Audit: The official certification audit is conducted by an accredited certification body. The auditor reviews the company's documentation, processes, and practices to verify compliance with ISO/SAE 21434.
- Corrective Actions: If non-conformities are found during the audit, the company must take corrective actions to address them.
- Accredited Certificate: Upon meeting the ISO/SAE 21434 requirements, the company receives an accredited certificate valid for three years, with regular (annual) surveillance audits to ensure continued compliance.
Conclusion
The implementation of the ISO/SAE 21434 standard marks a milestone in automotive cybersecurity. Through its process requirements and guidance, it gives organizations a structured way to protect vehicles against cyber threats, supporting the development and operation of safe and reliable vehicles. The combined application of the ISO/SAE 21434 standard and the UN R155 and UN R156 regulations is crucial for automotive stakeholders to meet global cybersecurity expectations and regulations, enhancing their competitiveness and safety levels in the global market. QTICS Automotive Plc. provides training, consulting, compliance assessment, component type approval/vehicle homologation, and certification services for cybersecurity compliance according to the above standards and regulations.
Related Other Information and Cybersecurity Services:
- The GDPR (General Data Protection Regulation) is a regulation introduced by the European Union that governs the handling and protection of personal data. We are the first in Europe able to certify GDPR compliance (Europrivacy certification) with accreditation.
- ISO/IEC 27001 is an international standard that specifies the requirements for information security management systems. We provide training, consulting, and certification services for it.
- TISAX (Trusted Information Security Assessment Exchange) is an automotive-industry information security assessment and exchange mechanism based on the VDA ISA catalogue of the German VDA (German Association of the Automotive Industry). We provide the training and consulting services necessary for its implementation and operation.
- The NIS2 (Network and Information Security) directive is a European Union directive that harmonises cybersecurity requirements across member states to strengthen the protection of essential and important entities; compliance is mandatory for the organizations in its scope once it is transposed into national law. We implement the cybersecurity requirements necessary for NIS2 compliance through our consulting services and provide the necessary training for staff.
- IEC 62443 is a series of standards for the security of industrial automation and control systems and the principal cybersecurity reference for Industry 4.0. With the increased connectivity of production equipment (IIoT), new threats emerge that need to be incorporated into traditional risk management processes. Manufacturers (suppliers) of industrial automation and control system components must incorporate the security requirements of IEC 62443 into their product development processes. Our training, consulting and certification services are the keys to the cybersecurity compliance of industrial control systems.
Péter Rácz, Head of Sales, +36 30 164 2072, peter.racz@qtics.group
Péter Mátyus, CEO, +36 30 968 3655, peter.matyus@qtics.group
Tamás Novák, BDM, +36 30 322 2013, tamas.novak@qtics.group