USA
Canada 
China 
France 
Germany 
India 
Italy 
Mexico 
Middle East 
Singapore 
Spain 
Thailand 
Thank You
Your registration has been completed successfully. If you have any questions or need further assistance, feel free to contact us at info@omnex.com
ISO/SAE 21434 Automotive Cybersecurity Auditing and Assessment Using ISO 19011 and ISO/PAS 5112
ISO/SAE 21434 Automotive Cybersecurity Auditing and Assessment Using ISO 19011 and ISO/PAS 5112
Course Duration: 5 Days - 8 Hours/day
This five-day seminar is designed for professionals who want to develop the knowledge and skills to conduct audits of ISO/SAE 21434 cybersecurity management systems (CSMS) for road vehicles based on ISO/PAS 5112.
ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering provides a comprehensive framework for establishing and implementing a cybersecurity management system (CSMS) throughout the entire vehicle lifecycle. This standard outlines the best practices for identifying, mitigating, and managing cybersecurity risks in road vehicles.
ISO/PAS 5112: Road Vehicles — Guidelines for Auditing Cybersecurity Engineering complements ISO/SAE 21434 by providing a structured approach for auditing CSMS established according to ISO/SAE 21434. This standard is an extension of ISO 19011 Guidelines for Auditing Management Systems and equips auditors with the knowledge and tools to assess an organization's compliance with ISO/SAE 21434 requirements.
The auditing guidelines of ISO/PAS 5112 and ISO 19011 including the auditing process and methodologies, e. g., planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions and their application in the automotive process approach are covered. Auditing case studies from the automotive industry are used to develop skills for conducting audit activities and identifying nonconformities
Learning Objectives
- Understand the key concepts of ISO/SAE 21434 and ISO 19011
- Gain in-depth knowledge of ISO/PAS 5112 guidelines for auditing cybersecurity engineering in road vehicles
- Learn how to evaluate an organization’s conformance to ISO/SAE 21434
- Understand the application of the principles, procedures and techniques of auditing.
- Understand to conduct of an effective audit in the context of the auditee’s organizational situation.
- Understand the application of the regulations, and other considerations that are relevant to the management system, and the conduct of the audit.
- Practice personal attributes necessary for the effective and efficient conduct of a management system audit.
- Establish, plan and task the activities of an audit team.
- Communicate effectively with the auditee and audit client.
- Organize and direct audit team members.
- Prevent and resolve conflict with the auditee and/or within the audit team.
- Prepare and complete the audit report.
Course Outline
Day One – Understanding ISO/SAE 21434
· Summary of ISO/SAE 21434
· Cybersecurity Management (Clauses 5 & 6)
o Organization Cybersecurity Management and Governance
o Project Dependent Cybersecurity Management
o Cybersecurity Planning
o Re-use, Component out-of-Context (CooC) and Off-the-Shelf (OTS)
o Cybersecurity Case
o Release for Post-Development
· TARA and the Cybersecurity Concept Phase (Clauses 15 & 9)
o Item Definition
o Asset and Threat Scenario Identification
o Impact Rating
o Attack Path Analysis and Attack Feasibility Rating
o Risk Value Determination
o Cybersecurity Assurance Levels (CALs)
o Risk Treatment Decision
o Cybersecurity Goals and Cybersecurity Claims
o Cybersecurity Concept
Day Two – Understanding ISO/SAE 21434 (cont’d)
· Product Development Phase (Clauses 10 & 11)
o Product Development and Cybersecurity Controls Design
o Refined Cybersecurity Requirements and Architectural Design
o Integration and Verification Activities
· Post-Development Phases (Clauses 12, 13 & 14)
o Overview of Production Phase
o Operations and Maintenance
o End of Cybersecurity Support and Decommissioning
· Continual Cybersecurity Activities (Clause 8)
o Cybersecurity Monitoring
o Criteria for Triage
o Cybersecurity Event Evaluation
o Vulnerability Analysis and Management
· Distributed Cybersecurity Activities (Clause 7)
o Distributed Development
o Supplier Capability
o Request for Quotation
o Alignment of Responsibilities
Seminar Agenda (cont’d)
Day Three – Conducting an Audit per ISO 19011 and ISO/PAS 5112
· Audit Guidance, Definitions and Principles
o Audit Definitions and Guidance
o Types of Audits
o Audit Responsibilities, Roles and Authorities
· The Audit Program
o Audit Program Objectives
o Managing an Audit Program
o Audit Program Risks and Opportunities
· Audit Planning and Preparation
o Risk-Based Approach to Audit Planning
o Audit Objectives, Scope and Criteria
o Audit Methods and Sampling
o Document and Data Analysis
o Breakout Exercise: Documentation Review
o Audit Plan and Other Work Documents
o Breakout Exercise: Creating an Audit Plan
· Conducting the Audit
o Opening Meeting and Facility Tour
o Auditing Top Management
o Gathering Objective Evidence and Generating Audit Findings
o Conducting Interviews
o Breakout Exercise: Conducting an Audit Interview
Seminar Agenda (cont’d)
Day Four – Conducting an Audit per ISO 19011 and ISO/PAS 5112 (cont’d)
· Writing Nonconformity Statements
o Generating Audit Findings – Nonconformities
o Writing Nonconformity Statements
o Review Findings and Conclusions
o Breakout Exercise: Writing Nonconformity Statements
· Closing Meeting
· Completing the Audit Report
· Corrective Action and Close-Out
· Audit Guidelines According to ISO/PAS 5112
Day Five – Conducting Supplier Audits and Cybersecurity Assessments
· Confirmation Measures and Supplier Audits/Assessments
o Confirmation Measures – Audits, Assessments and Reviews
o Breakout Exercise: Confirmation Measures Plan
o Distributed Development
o Breakout Exercise: Evaluate a Distributed Interface Agreement (DIA)
o Process Approach to Auditing and Audit Trails
o Breakout Exercise: Process Map Review and Interrelationships
· Cybersecurity Assessment Planning and Preparation
o Assessment Objectives, Scope and Criteria
o Document and Data Analysis
o Breakout Exercise: Documentation Review
o Preparing the Assessment Plan and Other Work Documents
o Breakout Exercise: Creating an Assessment Plan
o Assessing the Cybersecurity Plan and the Work Products
o Assessing the Cybersecurity Case
Levels of Certification
Level 1 Internal Auditor Provisional Knowledge Requirements: · 1 week of Cybersecurity Auditor Training and candidates must pass exam.
Level 2 Certified Internal Auditor Knowledge Requirements: · 1 week of Cybersecurity Auditor Training and candidates must pass exam.
Prerequisites: · 10 audits or assessments in the past 3 years.
Who Should Attend
This seminar is primarily designed for internal or third-party auditor candidates, but can also be valuable for Quality Assurance Managers, ISO/SAE 21434 Implementation Team Members, Management Representatives, and all others who would like to develop competency in ISO/PAS 5112 and the auditing process for first, second- and third-party auditing.
Course Materials
Each participant will receive a seminar manual including breakout exercises and case studies.
Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.
Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.
Pre-Requisite
Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry. A basic understanding of the ISO/SAE 21434 standard is recommended.
ISO/SAE 21434 Automotive Cybersecurity Auditing and Assessment Using ISO 19011 and ISO/PAS 5112 Program is available in multiple locations globally, including the USA, Canada, Mexico, India, Europe, Thailand, Singapore, Middle East and China.
MICHAEL DOWN
315 E. Eisenhower Parkway, Suite 300, Ann Arbor, Michigan - 48108, USATel: (734) 761-4940
Fax: (734) 761-4966
Michael Down is a Senior Consultant with extensive Engineering, Quality and Reliability experience. Whether it may be in Product Development, Manufacturing, or Quality Management Systems, his greatest desires are to improve clients understanding and improving system to provide optimum performance, quality and durability of the product or process design. He also well understands the need for reducing costs while continually improving quality & compliance/conformance.
Mr. Down has extensive experience working in the automotive industry from manufacturing and assembly to vehicle design development and software/hardware Reliability, DMFEA and PFMEAs. He spent over 32 years working for GM in the quality engineering, statistical problem solving and continuous improvement and teaching. Have taught thousands of employees over the years in relation to FMEA, Probability and Statistics, SPC, System Thinking, Deming, Reliability, and statistical problem solving. Used SPC principles to manufacturing processes at GM, increasing line efficiency and reducing cost, saving GM millions of dollars. Applied DOE to advanced design and process development, identifying critical variables and optimizing process performance. Statistically solved process and product issues in relation to casting, metal fabrication, electronics, injection molding and SMC plastics. Also, statistically solved issues in relation to stamping, heat treating, paint, and in relation to issues with oxygen sensors.
In addition, he was instrumental in the development of the GM Powertrain PFMEA guidelines. Managed quality engineers in manufacturing and assembling. Was a part of the leadership group that directed the Statistical Network within GM (assisted in facilitating Deming seminars and assisted in the training of his courses and seminar) Mike also represented GM at both SAE and AIAG, providing extensive guidance and input to the development of Global Automotive Standards reference documents on Quality and Core tools, including PFMEA, APQP/CP, PPAP, SPC, MSA, and DRBFM reference documents. Mike has been involved with FMEA standards and including developing and teaching FMEAs since the 1990s. Today, Mike is actively working on the SAE J1739 committee updating the FMEA standard to reflect AIAG-VDA FMEA.
Specialties: Training and support the development of DFMEAs and PFMEAs for FMEA 4th edition and AIAG-VDA FMEA. Lead for PQMS training development, IQFMEA tech expert, taught and developed DFA and Robust engineering courses. Deming expert, facilitation and application, DOE trainer and implementer, Represent GM at SAE and at AIAG. Expert in the area of AIAG-VDA FMEA, SPC, MSA, FMEA 4th edition, and DRBFM
EDUCATION
Bachelor of Science, Electrical Engineering, MTU, Bachelor Industrial Management in Electronic Engineering Technology from Baker College, and a Master Degree in Applied Statistics from Oakland University
GREG GRUSKA
315 E. Eisenhower Parkway, Suite 300, Ann Arbor, Michigan - 48108, USATel: (734) 761-4940
Fax: (734) 761-4966
Greg Gruska is the Omnex Champion for APQP, PPAP, FMEA, ISO 26262, Lean Six Sigma and a Fellow of the American Society for Quality (ASQ). His strength in ISO 26262 is a strong understanding and experience in systems engineering and reliability/safety analysis in both hardware and software development. Greg managed the Quality Engineering Activity at Chevrolet. This group provided benchmarking, quality engineering and statistical support to all divisional and corporate activities and their suppliers. Besides the application of statistics within the design, manufacturing, and support environments, this group was active in the development of new technologies and training in these areas. Greg additional served as a Divisional and Corporate consultant in Statistical Engineering and Management. He has traveled extensively in assisting engineering, financial, and support staffs and manufacturing plants in the investigation and solution of problems affecting quality, new product development, product failures and customer satisfaction.
Greg is also an active/writing member of the MSA, SPC, FMEA, and EFMEA Manual subcommittees of the American Automotive industry�s Supplier Quality Requirements Task Force which is part of the international task force governing TS-16949. Greg is an adjunct professor at Madonna University. He has advanced degrees in mathematics and engineering from the University of Detroit, Michigan State University and Wayne State University. He was the Deming Memorial Lecturer at the Sheffield Hallam University for the year 2000.
Greg is a charter member of the Greater Detroit Deming Study Group and the W. E. Deming Institute. He is an ASQ certified Quality Engineer, a licensed Professional Engineer (CA - Quality) and a member of the Board of Examiners of and Judge for the Michigan Quality Leadership Award (1994-2011). Greg is on the writing committee of AIAG on FMEA, a member of the SAE Functional Safety Committee (J2980) and is considered one of the foremost authorities on risk management in the world. He has considerable hardware and software experience in Automotive applications.
MARY E. ROWZEE, ASQ FELLOW
315 E. Eisenhower Parkway, Suite 300, Ann Arbor, Michigan - 48108, USATel: (734) 761-4940
Fax: (734) 761-4966
Mary Rowzee is an Omnex consultant with extensive experience and achievements in Quality Systems development, implementation and auditing to ISO 9000 series and IATF 16949 standards; Six Sigma Black Belt Problem Solving and Advance Quality Tools including: Design and Process FMEA, Design and Process Verification and Test Planning, Complex Statistical Analyses and Reliability Prediction, Modelling and Risk Reduction. Mary is a writing member of AIAG-VDA FMEA 1st edition and the Core Tools Guidelines: SPC 2nd edition, MSA 4th edition, EFMEA 1st edition, PPAP 4th edition and APQP 2nd edition.
Mary has been actively leading industry practices and application of ISO 26262 Functional Safety Standard for Electrical/ Electronic Products; Software FMEAs, ASPICE, CMMI and Quality; Supplemental Monitoring and Systems Response (MSR) FMEAs; Safety of the Intended Functionality (SOTIF) ISO 21448 and use of Safety Engineering tools (Reliability Block Diagrams, Hazard and Risk Analyses, Addressing ASIL rated risks) in Advanced Driver Assistance Systems (ADAS). She also served as GM Global representative on AIAG-VDA and SAE Quality Standards development teams.
Mary has worked for Daimler Chrysler Fiat, TRW and recently GM working as a Senior Engineer ADAS Electrical sub-systems quality for Autonomous Vehicles. She was the Quality and Reliability Resource on ADAS Electrical Sub-systems teams, used in Autonomous Vehicles. For GM she worked with internal and first tier supplier teams to develop Safety Analyses and Design FMEAs on Electrical, Mechanical and Software products in support of ISO 26262 requirements. Mary also assisted in the establishment and implementation of an aggressive Advanced Product Quality Process within GM and Supply Base. Additionally, at GM, she served as in-house consultant and coach to more than 5,000 product engineers in Six Sigma project development and implementation. Mary was an Operational Excellence Master for the GM Quality organization, leading and facilitating the highest impact, most financially significant corporate projects, in addition to teaching many courses on Six Sigma tools and techniques. Also at GM, Mary served as the Senior Leader for Global Design and Process FMEA. In this she revitalized the use of FMEAS within General Motors by developing and teaching all live and web based FMEA classes in North America and developing criteria and assessment processes for Global FMEA software selection.
While at Daimler Chrysler Fiat she served as the manager of Product and Process Integrity. In this position she supported interior and electrical product development (SMTs) areas in writing technical specifications, developing reliability requirements, constructing and executing designed experiments, developing FMEAs and Validation plans.
EDUCATION
Mary has Bachelor of Arts (BA), Psychology and Human Factors from University of Delaware, Newark, DE. She also has a Master of Science (MS), Industrial Psychology and Applied Statistics from University of Akron, Akron, OH. Mary hold numerous certifications including: Certified Reliability Engineer CRE, Certified Manager of Quality and Organizational Excellence CQM/OE, Certified Quality Engineer CQE, Certified Quality Auditor CQA, Registrar Accreditation Board Quality Auditor.