The first workbook for ISO/SAE 21434:2021 is available now – A must-have for cybersecurity managers in the automotive industry. It contains:

  • All practice-relevant content of the ISO (all 42 Work products, mapped to RQs, RCs and PMS) – with official license by ISO.
  • Templates with clear instructions for the most important work products, such as the Cybersecurity Plan, the CIA, TARA etc.
  • Additional comprehensive knowledge about the implementation of automotive cybersecurity.
Order now
An abstract

ISO/SAE 21434:2021 Workbook

Following the successful sell-out of “The Essential Guide to ISO/SAE 21434” and the “ISO/SAE 21434 Pocket Guide”, the teams at CYRES Consulting have released the highly anticipated ISO/SAE 21434:2021 Workbook.

The ISO/SAE 21434:2021 Workbook is the world’s first workbook on the most important standard for automotive cybersecurity to be officially licensed by ISO.

The new publication is designed to simplify practical work with the most crucial automotive cybersecurity standard and is the first ISO/SAE 21434:2021 Workbook to include the following contents:

  • all work products (and corresponding requirements, recommendations and permissions) of ISO/SAE 21434:2021 (“First Edition”) – officially licensed by ISO
  • Field-tested templates for key work products, such as Cybersecurity Plan, CIA, Item Definition, Cybersecurity Concept, TARA, and more
  • Complementary wide-ranging knowledge on cybersecurity in automotive: a catalog on cybersecurity controls, interviews with industry experts around the application of ISO/SAE 21434 in practice, and more.
Officially licensed by ISO


The ISO/SAE 21434:2021 lists recommended minimum cybersecurity requirements for risk management throughout the entire vehicle lifecycle including concept, development, production, operation, maintenance, and decommissioning.

This results in 42 work products, and 101 requirements that need to be considered by professionals as a success factor to comply with UN Regulation No. 155.

However, the standard does not provide the necessary information to provide a deep understanding of the requirements and work products. The ISO/SAE 21434:2021 Workbook provides supportive explanations and interpretations from a practical perspective including best practices:

  • Rest assured all 42 work products incl. RQs, RCs, and PMs are officially licensed by ISO
  • Conveniently and clearly arranged along the ISO/SAE 21434:2021 standard
  • Get reliable reference material that has been reviewed and approved by experts in the field
Field tested


The ISO/SAE 21434:2021 Workbook provides templates and guidance for various key work products necessary not only for OEMs but also for suppliers in the automotive industry.

  • Inside, you will find comprehensive coverage of essential work products including the Cybersecurity Plan, Cybersecurity Case, Cybersecurity Interface Agreement, Item Definition, Cybersecurity Concept, and Threat Analysis and Risk Assessment.
  • With a practical guidance, you will be able to understand the purpose, key elements, and steps involved in creating each work product
  • All provided templates serve as a starting point for specific projects and organization needs
  • Implement industry best practices with templates based on real insights and lessons learned from previous automotive cybersecurity consultancy projects
  • Get practical knowledge that has already been tested in real-world scenarios
  • Rest assured the templates are aligned with ISO/SAE 21434:2021 and support you on ensuring compliance


Planning is also crucial for cybersecurity, in that without it, allocating responsibilities, resources, and scheduling baselines is not possible. Especially, when activities need to be distributed among OEMs and suppliers, and therefore, planned.

Unequivocally, the ISO/SAE 21343:2021 requires the creation of a cybersecurity. As the central document to track cybersecurity activities and progress, it is essential to know how to structure and develop a cybersecurity plan correctly that covers all aspects required by the standard.

Kickstart your cybersecurity plan with the ISO/SAE 21434:2021, where you will find a reliable point of reference for this major work product based on best practices. With a sample cybersecurity plan in your hands, defining all aspects necessary for projects and all involved stakeholders correctly will no longer be a concern.


Besides the cybersecurity case being a work product for ISO/SAE 21434:2021 during the development phase, it is also a crucial document that can protect you in court against liability consequences in case cybersecurity vulnerabilities are discovered.

Moreover, the cybersecurity case also has a direct impact on the start of production and cybersecurity assessment. Therefore, knowing how it looks like, how to create it, and being able to identify the key aspects is essential to provide the required evidence.

The ISO/SAE 21434:2021 Workbook provides a template for the cybersecurity case work product based on real insights and lessons learned from previous automotive cybersecurity consultancy projects. Hereby, you will get a detailed look on each required section and enable your team to fill in gaps and provide enough evidence.


Cooperation is crucial for automotive players along the supply chain. To establish cooperation successfully, OEMs and suppliers must know exactly who is responsible for what and how development activities will be distributed, while having cybersecurity in mind.

In order to standardize distributed development activities, the ISO/SAE 21434:2021 requires a Cybersecurity Interface Agreement (CIA). In other words, the CIA marks the start for distributed development.

With the ISO/SAE 21434:2021 you will get an exemplary state of the art CIA template, know how to structure it and what must be included in accordance with the standard, and be able to clarify responsibilities. By having clear responsibilities, this work template will help you estimate time, cost, tasks, and plan resources accordingly.


You might already be familiar with Item definition, as it plays a role in the Functional Safety area according to ISO 26262. Likewise, it is also relevant for ISO/SAE 21434:2021 as stated in Clause 9.

The Item Definition can be seen as the technical starting point for the entire cybersecurity development. As it involves several teams and functions, it is essential to ensure there is a common understanding of how an “Item” is defined, what is required, and its impact during the concept phase.

With the Item definition templated provided in the ISO/SAE 21434:2021 Workbook, you will not only cover the necessary knowledge across involved stakeholders, but by doing so, you will also lay the for the subsequent Concept Phase steps.


From the ISO/SAE 21434:2021 perspective, the cybersecurity concept not only is a work product, but it also sets the foundation to protect systems against hacks. Its important role in cybersecurity development cannot be underestimated as it also relates to the item definition, and cybersecurity goals and claims resulting from the TARA.

Lacking a clear understanding of the role of the cybersecurity concept across the supply chain could cause the integration of cybersecurity to the vehicle to fail. Thus, this work product is crucial for both OEMs and suppliers.

Get a step-by-step approach on how to create a cybersecurity concept through our experience in automotive cybersecurity consulting with the template included on the ISO/SAE 21434:2021 Workbook.


As vehicles become more sophisticated and intercommunicated, new attack vectors and threats are constantly arising. Therefore, having a systemic risk assessment during the concept phase in automotive development projects it’s essential.

The ISO/SAE 21434 specifically recommends the Threat Analysis and Risk Assessment, or TARA in short, to identify potential threats and deal with them systematically.

Along the contents of the ISO/SAE 21434:2021 workbook, you will not only get to know what the TARA entails in practice, but also get a proven template created and applied by industry experts; such as throughout our automotive cybersecurity consultancy.

Expert insights

Widen your perspective on ISO/SAE 21434:2021 with additional expert insights collected in a revealing interview series with well-known leaders in automotive cybersecurity. Throughout these expert interviews, you will gain additional background information and a deeper understanding of various topics, not only from an OEM practical perspective but also from suppliers’ point of view, such as audits, assessments, certifications, and more.

You may already be aware of the upcoming certifications and audits that ISO PAS 5112 aims to standardize across the entire automotive supply chain, as well as the need to establish a Cybersecurity Management System as required by UN Regulation No. 155.

In an interview with Dr. Fabian Lanze, Head of Cybersecurity at Huf Group, who successfully led his cybersecurity team in passing a customer’s ISO/SAE 21434 audit, you will gain insights on certifications and assessments from a supplier perspective.

Additionally, you can learn about audits, assessments, and certifications directly from TUEV SGS Saar, one of the organizations that helped establish the ISO/SAE 21434. TUEV SGS Saar is a leading inspection company specializing in inspection, testing, verification, and certification.

Continuing the discussion on audits and certifications, in an interview with our Partner, Manuel Sandler, you will recognize the importance of conducting pre-audits and assessments, such as the ISO/SAE 21434 Gap Analysis. Manuel will share best practices, strategies, and recommendations based on his extensive experience in project and process management in the automotive industry.

Lastly, Philipp Veronesi, our Managing Director at CYRES Consulting and a well-known authority in the field of automotive cybersecurity, will highlight the possibilities and opportunities that arise with cybersecurity becoming a new quality dimension. Get inspired by his vision for automotive cybersecurity and its significance for the industry.

ISOSAE 21434 2021 Workbook Chapter Overview
How to order your ISO/SAE 21434:2021 Workbook

The ISO/SAE 21434:2021 Workbook can be ordered via the learning platform. Click here to go directly to the platform and to the ISO/SAE 21434:2021 Workbook product.

  1. Complete the order, including payment on the platform. You will receive an invoice afterwards.
  2. You will immediately receive the confirmation email and all information for the access to the digital ebook.
  3. Download your copy of the ISO/SAE 21434:2021 Workbook (Digital/PDF) within 48 hours from receiving the confirmation email before the download link expires.

Please note: When you order the Workbook on the platform, you initially create a user account with the e-mail address used, which you can then use to access the video courses and download the Workbook.

A look inside

As the world’s first ISO/SAE 21434:2021 Workbook officially licensed by ISO, you will get step by step guidance along the most relevant automotive cybersecurity standard, with a hands-on approach and proven work templates as a bonus.

By providing practical guidance and focusing on significant details beyond the ISO standard, you will gain a comprehensive and holistic understanding of the ISO/SAE 21434:2021 and its most pressing requirements. Moreover, the modular structure with all clauses allows for quick and easy navigation through the complete ISO/SAE 21434:2021 standard.

1. Introduction

1.1. Cybersecurity as new quality dimension Interview with Philipp Veronesi 

1.2 Glossary: Terms and Definitions 

2. Standards and Regulations

2.1 Introduction to ISO/SAE 21434:2021 (based on Figure 3) 

2.2 ISO/SAE 21434:2021 Requirements – Officially licensed by ISO

2.3 ISO/SAE 21434 Gap analysis Interview with Manuel Sandler

2.4 UN Regulation No. 155
2.4.1 Introduction to UN Regulation No. 155
2.4.2 Structure of UN Regulation No. 155
2.4.3 Relationship between UN Regulation No. 155 and ISO/SAE 21434:2021
2.4.4 Mapping UN Regulation No. 155 onto ISO/SAE 21434:2021

2.5 Achieving UN R155 Compliance Interview with Frank Langner

2.6 Automotive SPICE for Cybersecurity
2.6.1 Introduction to Automotive SPICE
2.6.2 Cybersecurity Processes
2.6.3 Other Processes that Support Cybersecurity
2.6.4 Mapping Automotive SPICE for Cybersecurity onto ISO/SAE 21434:2021

3. Practical Experience Insights in Cybersecurity Management

3.1 ISO/SAE 21434 Personnel Certification Interview with Sendhilraja Rajaraman

3.2 Cybersecurity Plan [WP-06-01]
3.2.1 Cybersecurity Plan at a glance
3.2.2 Template Overview
3.2.3 Cybersecurity Plan – Review Checklist
3.2.4 Introduction into the Cybersecurity Plan
3.2.5 Excursus: Creation of templates
3.2.6 Introduction: Additional templates for cybersecurity planning besides the Cybersecurity Plan
3.2.7 Template for the Cybersecurity Work Product Task Plan
3.2.8 Template for the Cybersecurity Plan
3.2.9 Cybersecurity Plan: Best Practice and What to Avoid

3.3 Cybersecurity Interface Agreement [WP-07-01]
3.3.1 Cybersecurity Interface Agreement at a glance
3.3.2 Template Overview
3.3.3 Cybersecurity Interface Agreement – Review Checklist
3.3.4 Introduction into the CIA
3.3.5 Template for the Cybersecurity Interface Agreement
3.3.6 Cybersecurity Interface Agreement: Best Practice and What to Avoid

3.4 ISO/SAE 21434 Certification for suppliers Interview with Dr. Fabian Lanze

3.5 Cybersecurity Case [WP-06-02]
3.5.1 Cybersecurity Case at a glance
3.5.2 Template overview
3.5.3 Cybersecurity Case – Review Checklist
3.5.4 Introduction into the Cybersecurity Case
3.5.5 Template for the Cybersecurity Case
3.5.6 Cybersecurity Case: Best Practice and What to Avoid

4. Practical Experience Insights in Cybersecurity Engineering

4.1 Item Definition [WP-09-01]
4.1.1 Item Definition at a glance
4.1.2 Template overview
4.1.3 Item Definition – Review Checklist
4.1.4 Introduction into the Item Definition
4.1.5 Template for the Item Definition
4.1.6 Item Definition: Best Practice and What to Avoid

4.2 Threat Analysis and Risk Assessment (TARA) [WP-09-02]
4.2.1 TARA at a glance
4.2.2 Template overview
4.2.3 TARA – Review Checklist
4.2.4 Introduction into the TARA
4.2.5 Template for the TARA
4.2.6 TARA: Best Practice and What to Avoid

4.3 Cybersecurity Concept [WP-09-06]
4.3.1 Cybersecurity Concept at a glance
4.3.2 Template overview
4.3.3 Cybersecurity Concept – Review Checklist
4.3.4 Introduction into Cybersecurity Concept
4.3.5 Template for the Cybersecurity Concept
4.3.6 Cybersecurity Concept: Best Practice and What to Avoid 

4.4 Cybersecurity Controls’ catalogue
4.4.1 Introduction to Controls
4.4.2 Cryptography Basics
4.4.3 Secure Software Update
4.4.4 Secure Boot
Secure Communication
4.4.6 Secure Debugging
Secure Diagnostics
Secure Memory
Event Logging and Intrusion Detection
Physical Tampering Protection
Project Level Controls
Production Line Security 

4.5 Audits, assessments, and certifications Interview with Prof. Karol Niewiadomski 

Trusted by professionals


The Pocket Guide is great! It is one of the best postal mails I have received in the last few months. It will definitely help me get a better understanding of the Automotive Cybersecurity Standard.
Luis Alberto Benthin SanguinoIT Security Engineer at T-Systems 🇩🇪
Reach in, jump directly into the different clauses, clear presentation! The Pocket Guide is a great tool for a systematic approach to ISO/SAE 21434.
Thomas WaldhuberCybersecurity Manager at Veoneer 🇸🇪
The informational event for management level and decision makers was a perfect fit to give our colleagues a summarized introduction while at the same time a holistic overview around the challenges of automotive cybersecurity. Especially valuable: the opportunity for specific questions and answers.
Peter SchooCyber Security & Privacy Lab at Huawei Munich Research Center 🇩🇪
The ISO/SAE 21434 Automotive Cybersecurity training by CYRES Consulting was extremely interesting and useful for Automotive Space. The training material is impressive, informative and closed the loop very nicely. Thank you very much!
Anand BeedinalGlobal Electronics – E/E Project Manager at Joyson Safety Systems 🇺🇸
The dimensions and challenges of automotive cybersecurity are very complex for the companies involved. This makes it all the more difficult to find high-quality, correct and practice-oriented information sources. The awareness session with CYRES was worth gold for our management.
Maher SahliFunctional Safety & Cybersecurity Group Manager at Weber Hydraulic GmbH 🇩🇪
We considered the awareness session with CYRES Consulting, especially around UN R155 and UN R156 very useful. It gave our team a sense of the scope we need with our client in this context. We are currently working with our client and look forward to working with CYRES Consulting in more depth on these topics in the future once these scopes are established.
Sven SchranGeneral Manager at IRDI System 🇨🇦
The ACP Foundation Training by CYRES is the ideal way to get a quick introduction to the topic of cybersecurity at the vehicle level. Highly varied didactic materials set the ground for an informative and entertaining training.
Frank LangnerFunctional Safety and Cyber Security Manager at Aston Martin 🇬🇧
The training gave an extensive overview about Automotive Cybersecurity taking into account the entire Product Lifecycle. Finally, it is a solid basis to continue with the learning path up to the Automotive Cybersecurity Professional Expert Level.
Sven SchranProduct Security Officer at Robert Bosch 🇩🇪

Frequently Asked Questions

What is the ISO/SAE 21434:2021 Workbook?

The ISO/SAE 21434:2021 Workbook (planned release: end of Q3/2023) is the world’s first officially licensed workbook for the ISO/SAE 21434:2021 (“First Edition”). In addition to the contents of the standard (all work products, mapped to the respective requirements, recommendations and permissions), it contains practical templates including comprehensive explanations of the most important Work products of the standard (e.g. the Cybersecurity Plan, Cybersecurity Interface agreement, Item definition, etc.) as well as further knowledge contents around the implementation of cybersecurity in the automotive industry.

I have the Pocket Guide and/or The Essential Guide to ISO/SAE 21434 from CYRES Consulting. Why do I need the ISO/SAE 21434:2021 Workbook?

The ISO/SAE 21434:2021 Workbook, which can be clicked through digitally (as a PDF), is intended to be a working aid when it comes to the actual implementation of the standard: With an overview of all work products of the standard, formulated templates, and explanations of work products, and other knowledge content, the workbook is intended to enable real implementation of the standard in one’s own organization.

How much does the ISO/SAE 21434:2021 Workbook (Ebook/PDF) cost?

The official sales price of the ISO/SAE 21434:2021 Workbook, published by CYRES Consulting (expected release date: September 30, 2023), is net EUR 195,- (excluding tax). The sale is worldwide, and delivery of the PDF file starts on the date of publication. All contents of ISO/SAE 21434:2021 are published with an official license from ISO.

Who is the ISO/SAE 21434:2021 Workbook aimed at? Who is the target audience?

This workbook is aimed at those responsible for implementing ISO/SAE 21434 along the value chain of the automotive industry. It contains concrete assistance, explanations and interpretation approaches on how to implement the (very general) ISO 21434:2021 standard in real practice. Whether you are a cybersecurity engineer, a cybersecurity manager or have responsibilities in quality management or development work (software, hardware, etc.) – this workbook is helpful for everyone who has to deal with the implementation of cybersecurity along ISO/SAE 21434 in their daily work.

What is the scope of the ISO/SAE 21434:2021 Workbook?

The ISO/SAE 21434:2021 Workbook (published solely as a digital Ebok/PDF) is estimated to be around 250 pages long, including the officially ISO-licensed extracts of the standard.

Where can I purchase the ISO/SAE 21434:2021 Workbook?

The purchase of the ISO/SAE 21434:2021 Workbook (Ebook/PDF) is only possible via the learning platform of the CYRES Academy (one unit per customer). The learning platform is designed as a self-service platform, so the buyer who executes the order also wants to obtain the workbook (Ebook/PDF). Do you need support for your order as a purchasing department, bookseller, or with the wish of a bulk order for your organization/team? Please use the contact form below.

    Equip your team with the world’s first ISO/SAE 21434:2021 Workbook officially licensed by ISO

    If you need a quote or your purchase department needs custom support, please send your non-binding inquiry using the form on the left.

    Over the years consulting for and supporting organizations to ensure cybersecurity competence and knowledge, we are certain empowering professionals in the automotive industry with reliable educational materials enables organizations to build the required cybersecurity know-how and competence.

    With the world’s first ISO/SAE 21434:2021 Workbook – officially licensed by ISO, you will provide your organization, teams, and colleagues with a practical guidance through the standard and set the groundwork to comply with ISO/SAE 21434:2021.

    Previous to the ISO/SAE 21434:2021 Workbook, we have shipped hundreds of copies of our ISO/SAE 21434 Pocket guide and The Essential Guide to ISO/SAE 21434 to leading OEMs and suppliers worldwide.


    Error: Contact form not found.


    Essential Guide

    The Essential Guide to ISO/SAE 21434

    How to manage the challenges of the new automotive cybersecurity standards and regulations

    Essential Guide

    The Essential Guide to ISO/SAE 21434

    How to manage the challenges of the new automotive cybersecurity standards and regulations