ISO/SAE 21434 and Related Standards Training Overview

Course Duration: 2 Days - 8 Hours/day

This two-day seminar will give the participant the base knowledge necessary for practitioners who will be involved in the development and assurance of automotive cybersecurity related to new products utilizing electrical and electronic elements through the use of the ISO/SAE 21434 Automotive Cybersecurity Management System standard applied to Cybersecurity Related Systems that include electric/electronic systems that are installed in production passenger vehicles. An overview of ISO/IEC 27001, United Nations (UN) regulation WP.29, and VDA ACMS (Automotive Cybersecurity Management System) will also be provided.

Learning Objectives

  • Tailor the necessary activities to support automotive cybersecurity lifecycle management, development, production, operation, maintenance and decommissioning
  • Understand the integration of ISO/SAE 21434 with ISO 26262, APQP, IATF 16949 and other related standards
  • Understand cybersecurity aspects of the entire development process (requirements specification, design, implementation, integration, verification, validation and validation)
  • Understand the automotive-specific risk-based approach for determining Cybersecurity Assurance Levels (CALs)
  • Use CALs for specifying the necessary cybersecurity requirements for achieving an acceptable residual risk
  • Provide requirements for validation and confirmation measures to ensure a sufficient and acceptable level of cybersecurity is being achieved


1. Determining the relevance of automotive cybersecurity for specific products

2. Determining the applicability of the ISO 21434 standard in your organization and current products

3. Planning and performing cybersecurity management activities

4. Performing a basic TARA

5. Performing activities of the concept phase

Course Outline

Day One

  • Introduction and Overview to ISO/SAE 21434, ISO/IEC 27001, WP.29, and VDA ACMS
  • ISO/SAE 21434 Purpose, Scope and Framework
  • Organizational Cybersecurity Management (Clause 5)
  • Cybersecurity Governance
  • Cybersecurity Culture
  • Cybersecurity Risk Management
  • Cybersecurity Audit
  • Information Sharing
  • Confirmation Measures
  • Project Dependent Cybersecurity Management (Clause 6)
  • Tailoring of Cybersecurity Activities
  • System or Component out of Context
  • Cybersecurity Planning
  • Cybersecurity Case
  • Breakout Exercise 1: Safety Case Outline
  • Post-Development Phases (Clauses 12-14)
  • Production, Operation, Maintenance, and Decommissioning
  • Concept Phase (Clause 9)
  • Cybersecurity Relevance
  • Item Definition
  • Breakout Exercise 2: Item Definition

Day Two

  • Concept Phase (Clause 9) (cont’d)
  • Threat Analysis and Risk Assessment (TARA)
  • Breakout Exercise 3: Threat and Risk Analysis
  • Cybersecurity Goals
  • Cybersecurity Concept
  • Breakout Exercise 4: Cybersecurity Requirements
  • CAL-Oriented and Cybersecurity-Oriented Analyses (Annex E)
  • Cybersecurity Assurance Levels (CAL)
  • Usage of CALs
  • Risk Assessment Methods (Clause 15)
  • Asset Identification
  • Vulnerability Analysis
  • Breakout Exercise 5: Vulnerability Analysis
  • Attack Feasibility Analysis
  • Risk Determination
  • Risk Treatment

Who Should Attend

This course is designed for managers, engineers, and new product development support personnel.

Course Materials

Each participant will receive a seminar manual including breakout exercises and case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.


Participants should have a working knowledge of their organization’s New Product Development Process.

Upcoming Training