Automotive Cybersecurity Management Systems - WP.29, ISO 21434, and VDA CSMS

Course Duration: 2 Days - 8 Hours/day

Omnex is not a VDA or VDA-QMC licensed training provider.

Worldwide, the automotive industry is in the process of implementing cybersecurity in their vehicles. This is a challenging effort as there are several relevant standards, guidelines, and regulations that need to be implemented including management aspects. ISO/SAE 21434:2021 is a management-based cybersecurity standard and WP.29 has a requirement for a cybersecurity management system (CSMS) to be implemented by OEMs. In addition, the UNECE requires an audit of the CSMS of OEMs and an assessment with regard to cybersecurity as part of their approval.

This two-day course provides guidance developed by VDA which can be applied to the CSMS audit of both the OEM and the contractual partner. The course will also cover ISO 27001, WP.29 requirements, and an overview of ISO/SAE 21434:2021.

Learning Objectives

  • Become aware of the importance of implementing cybersecurity
  • List the features and clauses of ISO/SAE 21434:2021
  • Understand the WP.29 requirements for a CSMS
  • Understand the VDA guidelines for a CSMS audit

Course Outline

Day 1

  • Overview of ISO/SAE 21434:2021, ISO 27001, WP.29, and VDA ACMS.
  • Breakout 1:
  • Management aspects of ISO/SAE 21434:2021
  • Overall cybersecurity management
  • Project dependent cybersecurity management
  • Other Clauses of ISO/SAE 21434:2021:
  • Concept Phase
  • Product Development
  • Post Development Phases
  • Continuous Cybersecurity Activities
  • Breakout 2:
  • Introduction to WP.29
  • 29 Requirements

Day 2

  • 29 CSMS Requirement
  • VDA guidelines for CSMS audit
  • Breakout 3:
  • Auditing Process and Auditor Qualification
  • Rating of the Automotive CSMS Audit
  • Audit questionnaire
  • Breakout 4:
  • Guidelines for auditors
  • Summary

Who Should Attend

Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles.

Participants should be, or plan to be, actively managing, or involved in, or aware of the development of electrical and/or electronic items, systems, or elements that are incorporated in motor vehicles. Participants should also have the abilities, education, and experience required for the above roles.

Course Materials

Each participant will receive a seminar manual including case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.


Participants should be involved in or aware of Cybersecurity development as it relates to the vehicle industry.

Upcoming Training