ISO/SAE 21434: The quality standard for cybersecurity in the automotive sector
As autonomous and connected vehicle technologies develop, so do the risks of cybersecurity breaches and malicious cyberattacks. Wireless interfaces can allow hackers access to the electronic control systems of the vehicle itself, placing the safety of passengers and the general public seriously at risk. Plans for an external Wireless Vehicle Infrastructure are already in the pipeline and present further challenges to those who are responsible for road safety.
Against this backdrop, UNECE (United Nations Economic Commission for Europe) has issued rules for vehicle manufacturers and their supply chains with the aim of improving cybersecurity within the sector. Cybersecurity for the automotive industry requires detailed consideration of all security aspects, in other words of products, processes and IT systems – and the whole warranted life of the vehicle has to be covered.
This has resulted in the issue of Standard ISO/SAE 21434 on "Road Vehicles – Cyber Security Engineering". The standard takes a process approach and its aim is to achieve security for all electrical and in particular electronic systems during the entire vehicle lifetime.
Cybersecurity in the vehicle sector and ISO/SAE 21434 are therefore relevant for all players in the automotive market, from development, manufacture and sale through to the final user.
What are the target groups for standard ISO/SAE 21434?
- Vehicle manufacturers
- Suppliers of hard and software-based components and systems
- Suppliers of engineering services
- Software and ICT infrastructure providers
We from TÜV NORD CERT have wide-ranging expertise and experience in the area of cybersecurity and will be happy to support you in your certification to ISO/SAE 21434. Do you have any questions on the structure and requirements of this standard? Then please do not hesitate to contact us.
Benefits of certification to ISO/SAE 21434
- The audit criteria are relevant for the automotive sector, and the assessment and reporting procedures are standardised
- Certification to ISO/SAE 21434 is a basis for conformity with UN ECE 155/156
- Neutral attestation by TÜV NORD CERT of compliance with ISO/SAE 21434 provides transparency and builds trust of customers and business partners
- Cost and risk reduction through identification and elimination of digital security gaps from the very beginning
- Lowest possible risk of errors and faults and therefore of reputational damage
- Your customer focus, performance capability, quality and security all become visible to third parties
- Transparent feedback from competent TÜV NORD security experts help you to develop as a learning organisation
- You have certified proof of continual improvement in the level of your security against cyber crime
Whitepaper ISO/SAE 21434
Greater digitalization and networking in the automotive sector increases the risk of cyber attack. In our 5-page whitepaper you will learn in a compact way:
- Background to UNECE Regulation R 155
- Obligation of automotive suppliers to provide evidence
- Essential requirements of ISO/SAE 21434
- Advantages of certification
Download with restricted access
FAQs
Certification according to ISO/SAE 21434 is important for all OEMs, system integrators and suppliers to the automotive industry.
ISO 21434 can be used for all (networked) components, systems, software and hardware within the automotive sector.
TISAX® is also directed at suppliers of OEMs, but it is not concerned with product testing. The assessments focus on the organisation itself with its interfaces and processes. ISO/SAE 21434 goes beyond this, fills the gap and can also be simply integrated into an existing management system.
Starting from 01.01.2022, UN ECE 155 requires binding evidence of a cyber security management system for the automotive sector. Compliance with ISO 21434 is one way of providing this.
Successfully through TÜV NORD certification
With international recognition as an IATF contractual partner and a global network of experts, we are able to offer our services all over the world, supporting our clients individually with the necessary technical expertise in many different areas of certification. We have the necessary accreditations and approvals in order to perform audits and certifications to IATF 16949 and many other management system standards, and can call upon both multinational teams and local auditors to serve your needs.
We are looking forward to your inquiry
Head for Certifications of Information Security Management Systems
Tel.: +49 (0)201 825-2213
hhoffmann@tuev-nord.de
Funktionale Sicherheit & Security
Tel.: +49 201 825 3299
mspringer@tuev-nord.de