ISO/SAE 21434

Road vehicles — Cybersecurity engineering

About ISO/SAE 21434

ISO/SAE 21434 offers a thorough framework for managing cybersecurity risks in road vehicles' electrical and electronic (E/E) systems. The standard ensures cybersecurity is integrated throughout a vehicle's lifecycle, from design and development to production, operation, maintenance, and end-of-life. It addresses threats and vulnerabilities, aiding manufacturers and suppliers in implementing robust cybersecurity measures, thus protecting vehicles from cyberattacks and ensuring the safety of drivers and passengers.

The standard encompasses various facets of cybersecurity engineering, such as risk management, threat analysis, vulnerability assessment, and incident response. It advocates a systematic approach to identifying and mitigating cybersecurity risks and stresses the need for continuous monitoring and improvement. By adopting ISO/SAE 21434, organizations can demonstrate their dedication to cybersecurity, meet regulatory demands, and bolster customer trust in their products, ultimately fostering a safer automotive industry.

Type of Audit

  • Certification Audit

Advantages of ISO/SAE 21434

  1. Customer Trust: Enhances customer confidence by demonstrating a commitment to vehicle cybersecurity.
  2. Regulatory Compliance: Helps meet regulatory requirements and standards, avoiding potential legal issues.
  3. Risk Mitigation: Provides a systematic approach to identifying and mitigating cybersecurity risks.
  4. Market Differentiation: Sets your organization apart from competitors by showcasing your dedication to cybersecurity.
  5. Continuous Improvement: Promotes ongoing monitoring and improvement of cybersecurity measures.

Certification Audit Process

  1. Request for a Proposal
    1. A company interested in certifying against ISO/IEC 27701 requests a proposal from TUV NORD Thailand.
  2. Certification Audit
    1. Stage 1: Documentation Review
    2. Stage 2: On-site Verification
  3. Issue of ISO/IEC 27701 Certificate
  4. Surveillance Audit 1 & 2 (within the next 2 years after the certificate is issued)
  5. Re-certification within the next 3 years after the certificate is issued.