ISO/SAE 21434 Compliance

Building a safe and secured product is the ultimate goal and every employee as a role to play. We have developed trainings sets adapted to all stakeholders from executive team (C-suite, V-suite) to engineering departments (System, Safety, HW and SW engineers) and production lines to increase cybersecurity awareness and foster cybersecurity culture within your organization.

Independent snapshot from our ISO 21434 certified expert to identify gaps and define incremental action plan toward certification and compliance. Our Gap Analysis covers various topics such as Organisational, Project and Product Level Risk Assessment and can be adapted to your unique context.

This is the starting point and the “command and control” of all Cybersecurity efforts. From the initial Cybersecurity framework definition up to Cybersecurity Management System third party certification, we will help you institute, audit (ISO PAS 5112) and maintain cybersecurity governance, including cybersecurity awareness management, competence management and continuous improvement.

Unsecured software updates (new navigation features, firmware updates to ECU) can introduce vulnerabilities at vehicle level. Our Software and Security team will define processes, methods and suggest platform solution to handle Over The Air (OTA) SW updates compliant with ISO 24089 Road vehicles – Software update engineering.

Cybersecurity must be integrated into all phases of the project to ensure a component can be released for post-development from a cybersecurity perspective. Our experienced cybersecurity managers will define the Cybersecurity Interface Agreement (CIA) and Cybersecurity Plan, build the Cybersecurity Case and help you toward third-party Cybersecurity Assessment.

Automotive products are often being developed as out of context (aka without specific customer requirements). Our product engineering department will recommend system architecture including HW/SW features to comply with “must have” OEM cybersecurity requirements and prevent costly redesign in the end.

Continual cybersecurity activities must be performed during all the phases of the lifecycle and can be done outside of a specific project. We will define a dedicated process to:

• Monitor cybersecurity information to identify cybersecurity events. 
• Evaluate cybersecurity events to identify weaknesses.
• Identify vulnerabilities from weaknesses.
• Manage and respond to identified vulnerabilities and Incidents.

Identifying threats and risk associated is key to define the most adapted risk reduction methods. Our cybersecurity risk analysis specialists will perform the TARA including Attack Tree to make an informed decision as to how to best manage the identified risks.

Defining the right Concept and Architecture for your product will prevent costly rework during integration phase. From the definition of the Items under development including assets and functions to the Cybersecurity goals and Requirements elicitation, our solution architects will accelerate the identification of the Cybersecurity controls to be implemented.

The ISO/SAE 21434 is a process-oriented standard and do not detail specific cybersecurity solutions. Our solutions architects will assess your current architecture and recommend concrete cybersecurity solutions (HSM, Secure Diagnostics, Secure ECU, Secure Communication) for the most vulnerable assets. Then they will integrate solutions into your current design to improve overall cybersecurity resilience.