The first workbook for ISO/SAE 21434:2021 is now available – A must-have for cybersecurity managers in the automotive industry. It contains:
Following the successful sell-out of „The Essential Guide to ISO/SAE 21434“ and the „ISO/SAE 21434 Pocket Guide“, the teams at CYRES Consulting have released the highly anticipated ISO/SAE 21434:2021 Workbook.
The ISO/SAE 21434:2021 Workbook is the world’s first workbook on the most important standard for automotive cybersecurity to be officially licensed by ISO.
The new publication is designed to simplify practical work with the most crucial automotive cybersecurity standard and is the first ISO/SAE 21434:2021 Workbook to include the following contents:
The ISO/SAE 21434:2021 lists recommended minimum cybersecurity requirements for risk management throughout the entire vehicle lifecycle including concept, development, production, operation, maintenance, and decommissioning.
This results in 42 work products, and 101 requirements that need to be considered by professionals as a success factor to comply with UN Regulation No. 155.
However, the standard does not provide the necessary information to provide a deep understanding of the requirements and work products. The ISO/SAE 21434:2021 Workbook provides supportive explanations and interpretations from a practical perspective including best practices:
The ISO/SAE 21434:2021 Workbook provides templates and guidance for various key work products necessary not only for OEMs but also for suppliers in the automotive industry.
Planning is also crucial for cybersecurity, in that without it, allocating responsibilities, resources, and scheduling baselines is not possible. Especially, when activities need to be distributed among OEMs and suppliers, and therefore, planned.
Unequivocally, the ISO/SAE 21343:2021 requires the creation of a cybersecurity. As the central document to track cybersecurity activities and progress, it is essential to know how to structure and develop a cybersecurity plan correctly that covers all aspects required by the standard.
Kickstart your cybersecurity plan with the ISO/SAE 21434:2021, where you will find a reliable point of reference for this major work product based on best practices. With a sample cybersecurity plan in your hands, defining all aspects necessary for projects and all involved stakeholders correctly will no longer be a concern.
Besides the cybersecurity case being a work product for ISO/SAE 21434:2021 during the development phase, it is also a crucial document that can protect you in court against liability consequences in case cybersecurity vulnerabilities are discovered.
Moreover, the cybersecurity case also has a direct impact on the start of production and cybersecurity assessment. Therefore, knowing how it looks like, how to create it, and being able to identify the key aspects is essential to provide the required evidence.
The ISO/SAE 21434:2021 Workbook provides a template for the cybersecurity case work product based on real insights and lessons learned from previous automotive cybersecurity consultancy projects. Hereby, you will get a detailed look on each required section and enable your team to fill in gaps and provide enough evidence.
Cooperation is crucial for automotive players along the supply chain. To establish cooperation successfully, OEMs and suppliers must know exactly who is responsible for what and how development activities will be distributed, while having cybersecurity in mind.
In order to standardize distributed development activities, the ISO/SAE 21434:2021 requires a Cybersecurity Interface Agreement (CIA). In other words, the CIA marks the start for distributed development.
With the ISO/SAE 21434:2021 you will get an exemplary state of the art CIA template, know how to structure it and what must be included in accordance with the standard, and be able to clarify responsibilities. By having clear responsibilities, this work template will help you estimate time, cost, tasks, and plan resources accordingly.
You might already be familiar with Item definition, as it plays a role in the Functional Safety area according to ISO 26262. Likewise, it is also relevant for ISO/SAE 21434:2021 as stated in Clause 9.
The Item Definition can be seen as the technical starting point for the entire cybersecurity development. As it involves several teams and functions, it is essential to ensure there is a common understanding of how an “Item” is defined, what is required, and its impact during the concept phase.
With the Item definition templated provided in the ISO/SAE 21434:2021 Workbook, you will not only cover the necessary knowledge across involved stakeholders, but by doing so, you will also lay the for the subsequent Concept Phase steps.
From the ISO/SAE 21434:2021 perspective, the cybersecurity concept not only is a work product, but it also sets the foundation to protect systems against hacks. Its important role in cybersecurity development cannot be underestimated as it also relates to the item definition, and cybersecurity goals and claims resulting from the TARA.
Lacking a clear understanding of the role of the cybersecurity concept across the supply chain could cause the integration of cybersecurity to the vehicle to fail. Thus, this work product is crucial for both OEMs and suppliers.
Get a step-by-step approach on how to create a cybersecurity concept through our experience in automotive cybersecurity consulting with the template included on the ISO/SAE 21434:2021 Workbook.
As vehicles become more sophisticated and intercommunicated, new attack vectors and threats are constantly arising. Therefore, having a systemic risk assessment during the concept phase in automotive development projects it’s essential.
The ISO/SAE 21434 specifically recommends the Threat Analysis and Risk Assessment, or TARA in short, to identify potential threats and deal with them systematically.
Along the contents of the ISO/SAE 21434:2021 workbook, you will not only get to know what the TARA entails in practice, but also get a proven template created and applied by industry experts; such as throughout our automotive cybersecurity consultancy.
Widen your perspective on ISO/SAE 21434:2021 with additional expert insights collected in a revealing interview series with well-known leaders in automotive cybersecurity. Throughout these expert interviews, you will gain additional background information and a deeper understanding of various topics, not only from an OEM practical perspective but also from suppliers‘ point of view, such as audits, assessments, certifications, and more.
You may already be aware of the upcoming certifications and audits that ISO PAS 5112 aims to standardize across the entire automotive supply chain, as well as the need to establish a Cybersecurity Management System as required by UN Regulation No. 155.
In an interview with Dr. Fabian Lanze, Head of Cybersecurity at Huf Group, who successfully led his cybersecurity team in passing a customer’s ISO/SAE 21434 audit, you will gain insights on certifications and assessments from a supplier perspective.
Additionally, you can learn about audits, assessments, and certifications directly from TUEV SGS Saar, one of the organizations that helped establish the ISO/SAE 21434. TUEV SGS Saar is a leading inspection company specializing in inspection, testing, verification, and certification.
Continuing the discussion on audits and certifications, in an interview with our Partner, Manuel Sandler, you will recognize the importance of conducting pre-audits and assessments, such as the ISO/SAE 21434 Gap Analysis. Manuel will share best practices, strategies, and recommendations based on his extensive experience in project and process management in the automotive industry.
Lastly, Philipp Veronesi, our Managing Director at CYRES Consulting and a well-known authority in the field of automotive cybersecurity, will highlight the possibilities and opportunities that arise with cybersecurity becoming a new quality dimension. Get inspired by his vision for automotive cybersecurity and its significance for the industry.
The ISO/SAE 21434:2021 Workbook can be ordered via the learning platform. Click here to go directly to the platform and to the ISO/SAE 21434:2021 Workbook product.
Please note: When you order the Workbook on the platform, you initially create a user account with the e-mail address used, which you can then use to access the video courses and download the Workbook.
As the world’s first ISO/SAE 21434:2021 Workbook officially licensed by ISO, you will get step by step guidance along the most relevant automotive cybersecurity standard, with a hands-on approach and proven work templates as a bonus.
By providing practical guidance and focusing on significant details beyond the ISO standard, you will gain a comprehensive and holistic understanding of the ISO/SAE 21434:2021 and its most pressing requirements. Moreover, the modular structure with all clauses allows for quick and easy navigation through the complete ISO/SAE 21434:2021 standard.
1.1. Cybersecurity as new quality dimension Interview with Philipp Veronesi
1.2 Glossary: Terms and Definitions
2.1 Introduction to ISO/SAE 21434:2021 (based on Figure 3)
2.2 ISO/SAE 21434:2021 Requirements – Officially licensed by ISO
2.3 ISO/SAE 21434 Gap analysis Interview with Manuel Sandler
2.4 UN Regulation No. 155
2.4.1 Introduction to UN Regulation No. 155
2.4.2 Structure of UN Regulation No. 155
2.4.3 Relationship between UN Regulation No. 155 and ISO/SAE 21434:2021
2.4.4 Mapping UN Regulation No. 155 onto ISO/SAE 21434:2021
2.5 Achieving UN R155 Compliance Interview with Frank Langner
2.6 Automotive SPICE for Cybersecurity
2.6.1 Introduction to Automotive SPICE
2.6.2 Cybersecurity Processes
2.6.3 Other Processes that Support Cybersecurity
2.6.4 Mapping Automotive SPICE for Cybersecurity onto ISO/SAE 21434:2021
3.1 ISO/SAE 21434 Personnel Certification Interview with Sendhilraja Rajaraman
3.2 Cybersecurity Plan [WP-06-01]
3.2.1 Cybersecurity Plan at a glance
3.2.2 Template Overview
3.2.3 Cybersecurity Plan – Review Checklist
3.2.4 Introduction into the Cybersecurity Plan
3.2.5 Excursus: Creation of templates
3.2.6 Introduction: Additional templates for cybersecurity planning besides the Cybersecurity Plan
3.2.7 Template for the Cybersecurity Work Product Task Plan
3.2.8 Template for the Cybersecurity Plan
3.2.9 Cybersecurity Plan: Best Practice and What to Avoid
3.3 Cybersecurity Interface Agreement [WP-07-01]
3.3.1 Cybersecurity Interface Agreement at a glance
3.3.2 Template Overview
3.3.3 Cybersecurity Interface Agreement – Review Checklist
3.3.4 Introduction into the CIA
3.3.5 Template for the Cybersecurity Interface Agreement
3.3.6 Cybersecurity Interface Agreement: Best Practice and What to Avoid
3.4 ISO/SAE 21434 Certification for suppliers Interview with Dr. Fabian Lanze
3.5 Cybersecurity Case [WP-06-02]
3.5.1 Cybersecurity Case at a glance
3.5.2 Template overview
3.5.3 Cybersecurity Case – Review Checklist
3.5.4 Introduction into the Cybersecurity Case
3.5.5 Template for the Cybersecurity Case
3.5.6 Cybersecurity Case: Best Practice and What to Avoid
4.1 Item Definition [WP-09-01]
4.1.1 Item Definition at a glance
4.1.2 Template overview
4.1.3 Item Definition – Review Checklist
4.1.4 Introduction into the Item Definition
4.1.5 Template for the Item Definition
4.1.6 Item Definition: Best Practice and What to Avoid
4.2 Threat Analysis and Risk Assessment (TARA) [WP-09-02]
4.2.1 TARA at a glance
4.2.2 Template overview
4.2.3 TARA – Review Checklist
4.2.4 Introduction into the TARA
4.2.5 Template for the TARA
4.2.6 TARA: Best Practice and What to Avoid
4.3 Cybersecurity Concept [WP-09-06]
4.3.1 Cybersecurity Concept at a glance
4.3.2 Template overview
4.3.3 Cybersecurity Concept – Review Checklist
4.3.4 Introduction into Cybersecurity Concept
4.3.5 Template for the Cybersecurity Concept
4.3.6 Cybersecurity Concept: Best Practice and What to Avoid
4.4 Cybersecurity Controls’ catalogue
4.4.1 Introduction to Controls
4.4.2 Cryptography Basics
4.4.3 Secure Software Update
4.4.4 Secure Boot
4.4.5 Secure Communication
4.4.6 Secure Debugging
4.4.7 Secure Diagnostics
4.4.8 Secure Memory
4.4.9 Event Logging and Intrusion Detection
4.4.10 Physical Tampering Protection
4.4.11 Project Level Controls
4.4.12 Production Line Security
4.5 Audits, assessments, and certifications Interview with Prof. Karol Niewiadomski
The ISO/SAE 21434:2021 Workbook (planned release: end of Q3/2023) is the world’s first officially licensed workbook for the ISO/SAE 21434:2021 („First Edition“). In addition to the contents of the standard (all work products, mapped to the respective requirements, recommendations and permissions), it contains practical templates including comprehensive explanations of the most important Work products of the standard (e.g. the Cybersecurity Plan, Cybersecurity Interface agreement, Item definition, etc.) as well as further knowledge contents around the implementation of cybersecurity in the automotive industry.
The ISO/SAE 21434:2021 Workbook, which can be clicked through digitally (as a PDF), is intended to be a working aid when it comes to the actual implementation of the standard: With an overview of all work products of the standard, formulated templates, and explanations of work products, and other knowledge content, the workbook is intended to enable real implementation of the standard in one’s own organization.
The official sales price of the ISO/SAE 21434:2021 Workbook, published by CYRES Consulting (expected release date: September 30, 2023), is net EUR 195,- (excluding tax). The sale is worldwide, and delivery of the PDF file starts on the date of publication. All contents of ISO/SAE 21434:2021 are published with an official license from ISO.
This workbook is aimed at those responsible for implementing ISO/SAE 21434 along the value chain of the automotive industry. It contains concrete assistance, explanations and interpretation approaches on how to implement the (very general) ISO 21434:2021 standard in real practice. Whether you are a cybersecurity engineer, a cybersecurity manager or have responsibilities in quality management or development work (software, hardware, etc.) – this workbook is helpful for everyone who has to deal with the implementation of cybersecurity along ISO/SAE 21434 in their daily work.
The ISO/SAE 21434:2021 Workbook (published solely as a digital Ebok/PDF) is estimated to be around 250 pages long, including the officially ISO-licensed extracts of the standard.
The purchase of the ISO/SAE 21434:2021 Workbook (Ebook/PDF) is only possible via the learning platform of the CYRES Academy (one unit per customer). The learning platform is designed as a self-service platform, so the buyer who executes the order also wants to obtain the workbook (Ebook/PDF). Do you need support for your order as a purchasing department, bookseller, or with the wish of a bulk order for your organization/team? Please use the contact form below.
If you need a quote or your purchase department needs custom support, please send your non-binding inquiry using the form on the left.
Over the years consulting for and supporting organizations to ensure cybersecurity competence and knowledge, we are certain empowering professionals in the automotive industry with reliable educational materials enables organizations to build the required cybersecurity know-how and competence.
With the world’s first ISO/SAE 21434:2021 Workbook – officially licensed by ISO, you will provide your organization, teams, and colleagues with a practical guidance through the standard and set the groundwork to comply with ISO/SAE 21434:2021.
Previous to the ISO/SAE 21434:2021 Workbook, we have shipped hundreds of copies of our ISO/SAE 21434 Pocket guide and The Essential Guide to ISO/SAE 21434 to leading OEMs and suppliers worldwide.
