ISO/SAE 21434 TEMPLATES PACKAGE
Cybersecurity is a new topic for the automotive industry.
Drivesec helps OEMs and Tier 1 companies to be
compliant with UNECE R 155 and ISO/SAE 21434, with a
complete set of templates for required work products. Find the
Drivesec full templates package for ISO/SAE 21434 compliance.
Templates Package
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Cybersecurity governance | WP-05-01 | Cybersecurity policy, rules and processes | Cybersecurity Management System |
| Cybersecurity culture | WP-05-02 | Evidence of competence management, awareness management and continuous improvement | |
| Management systems | WP-05-03 | Evidence of the organization’s management systems | |
| Management systems | WP-05-03 | Evidence of the organization’s management systems | |
| Organizational cybersecurity audit | WP-05-05 | Organizational cybersecurity audit report | |
| Organizational cybersecurity audit | WP-05-05 | Organizational cybersecurity audit report | Cybersecurity Questionnaire |
| Tool management | WP-05-04 | Evidence of tool management | Cybersecurity Tools Report |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Cybersecurity planning | WP-06-01 | Cybersecurity plan | Cybersecurity Plan |
| Release for post-development | WP-06-04 | Release for post-development report | |
| Cybersecurity case | WP-06-02 | Cybersecurity Case | Cybersecurity Case |
| Cybersecurity assessment | WP-06-03 | Cybersecurity assessment report | Cybersecurity assessment report |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Alignment of responsibilities | WP-07-01 | Cybersecurity interface agreement | Cybersecurity Interface Agreement |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Cybersecurity monitoring | WP-08-01 | Sources for cybersecurity information | Continual Cybersecurity Activities |
| Cybersecurity monitoring | WP-08-02 | Triggers | |
| Cybersecurity monitoring | WP-08-03 | Cybersecurity events | |
| Cybersecurity event evaluation | WP-08-04 | Weaknesses from cybersecurity events | |
| Vulnerability analysis | WP-08-05 | Vulnerability analysis | |
| Vulnerability management | WP-08-06 | Evidence of managed vulnerabilities |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Item definition | WP-09-01 | Item definition | Cybersecurity Item definition |
| Cybersecurity goals | WP-09-02 | TARA | Threat Analysis and Risk Assessment |
| Cybersecurity goals | WP-09-03 | Cybersecurity goals | Cybersecurity Concept |
| Cybersecurity goals | WP-09-04 | Cybersecurity claims | |
| Cybersecurity concept | WP-09-06 | Cybersecurity concept | |
| Cybersecurity goals | WP-09-05 | Verification report for cybersecurity goals | Cybersecurity Verification Report |
| Cybersecurity concept | WP-09-07 | Verification report of cybersecurity concept |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Design | WP-10-01 | Cybersecurity specifications | Cybersecurity Specification |
| Design | WP-10-05 | Weaknesses found during product development | |
| Design | WP-10-02 | Cybersecurity requirements for post-development | Cybersecurity requirements for post-development |
| Design | WP-10-03 | Documentation of the modelling, design, or programming languages and coding guidelines | Secure coding guidelines |
| Design | WP-10-04 | Verification report for the cybersecurity specifications | Cybersecurity Verification Report |
| Integration and verification | WP-10-06 | Integration and verification specification | Cybersecurity Integration & Verification |
| Integration and verification | WP-10-07 | Integration and verification report | |
| Cybersecurity validation | WP-11-01 | Validation Report | Cybersecurity Validation Report |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Production | WP-12-01 | Production control plan | Cybersecurity Production control Plan |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Cybersecurity incident response | WP-13-01 | Cybersecurity incident response plan | Cybersecurity Incident Response Plan |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| End of cybersecurity support | WP-14-01 | Procedures to communicate the end of cybersecurity support | Cybersecurity Interface Agreement |
| ISO Clause | ISO WP-ID | Work Product Name | Drivesec Template name |
|---|---|---|---|
| Asset identification | WP-15-01 | Damage scenarios | Threat Analysis and Risk Assessment |
| Asset identification | WP-15-02 | Assets with cybersecurity properties | |
| Threat scenario identification | WP-15-03 | Threat scenarios | |
| Impact rating | WP-15-04 | Impact ratings with associated impact categories | |
| Attack path analysis | WP-15-05 | Attack paths | |
| Attack feasibility rating | WP-15-06 | Attack feasibility ratings | |
| Risk value determination | WP-15-07 | Risk values |
Our expertise at your service
Work Product templates
The experience Drivesec gained in the field has led to the definition of a comprehensive set of models for each work product required by ISO 21434. The template package assists the organization in speeding up your compliance with the regulation.
Certification and audit support
Our templates are self-explanatory, accompanied by completion guidelines and examples, but in case you need help filling them out, we are your proactive partners! Our experts will be by your side to guide you through the entire process, including preparing for the audit. In addition, they are designed to be extensible to better suit your company.
Training on Cybersecurity
Drivesec offers training and competence development in the automotive cybersecurity field. The courses can be attended online or in-person (a hybrid solution can be requested as well) and the topic can be customized to customer needs (for example, they can focus on cybersecurity engineering for road vehicles e.g., UNECE WP.29 R 155 and R 156 regulations and ISO/SAE 21434 and ISO 24089 standard)
Cybersecurity Management System
For any new model type approval, OEMs must demonstrate the existence of a cybersecurity management system (CSMS) as required by UNECE R 155. We may provide you with the template and guidelines to produce this document as easily as possible.
Threat Analysis & Risk Assessment
Threat Analysis and Risk Assessment (TARA) is a crucial point in the design phase and, of course, in the certification process. The TARA template includes an automatic calculation of Risk level and CAL (Cybersecurity Assurance Level). Drivesec has specific expertise related this task, and we can support you through every step of this analysis.
Cybersecurity requirements
Threat Analysis and Risk Assessment (TARA) results are used to create a complete set of cybersecurity requirements and cybersecurity specifications, also taking into consideration post-production operations. Our team of experts can use the most widely used document and requirements management systems.
