ISO/SAE 21434 and Other Related Standards Training For Executive Management

This one-day seminar will give the participant the base knowledge necessary for management teams involved in the development and assurance of automotive cybersecurity of new products utilizing electrical and electronic elements through the use of the ISO 21434 Cybersecurity Management System standard. This standard is an adaptation of several frameworks and related standards for the specifics of automotive electric/electronic systems. It is to be applied to Cybersecurity Related Systems that include electric/electronic systems that are installed in production passenger vehicles. An overview of ISO/IEC 27001, United Nations (UN) regulation WP.29, and VDA ACMS (Automotive Cybersecurity Management System) will also be provided.

Learning Objectives

  • Identify the purpose and scope of ISO/SAE 21434, ISO/IEC 27001, WP.29, and VDA ACMS
  • Describe the framework of the ISO 21434 standard
  • Enumerate the 14 parts of the standard
  • Identify the influences and drivers of the standard
  • Be able to interpret ISO/SAE 21434 CAL tables
  • Understand key aspects of cybersecurity management
  • Identify the requirements for the organization after the release of the design to serial production
  • Describe the impact of ISO/SAE 21434 on production and operational activities
  • Enumerate the requirements of ISO 26262 which support the design and development activities for automotive cybersecurity
  • Describe the requirements for distributed development
  • Organize the development of a CSooC consistent with ISO/SAE 21434
  • Describe the item definition and initiate the safety lifecycle
  • Understand the development of the Threat Analysis and Risk Assessment (TARA) and the related cybersecurity goals including the cybersecurity concept and the refined cybersecurity design

Course Outline

  • Introduction and Overview to ISO/SAE 21434, ISO/IEC 27001, WP.29, and VDA ACMS
  • ISO/SAE 21434 Purpose, Scope and Framework
  • Overall Cybersecurity Management (Clause 5)
  • Cybersecurity Governance
  • Cybersecurity Culture
  • Cybersecurity Risk Management
  • Cybersecurity Audit
  • Information Sharing
  • Confirmation Measures
  • Project Dependent Cybersecurity Management (Clause 6)
  • Tailoring of Cybersecurity Activities
  • System or Component out of Context
  • Cybersecurity Planning
  • Cybersecurity Case
  • Post-Development Phases (Clauses 10-13)
  • Production, Operation, Maintenance, and Decommissioning
  • Concept Phase (Clause 8)
  • Cybersecurity Relevance
  • Item Definition
  • Threat Analysis and Risk Assessment (TARA)
  • Cybersecurity Concept
  • Product Development (Clause 9.1)
  • Introduction to Design & Verification
  • Refined Cybersecurity Design
  • The Need for Cybersecurity and Getting Started

Who Should Attend

This course is designed for executive management.

Course Materials

Each participant will receive a seminar manual including breakout exercises and case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.


Participants should have a working knowledge of their organization’s New Product Development Process.

Upcoming Training