The ISO/SAE 21434 standard has emerged to set requirements for road vehicle cybersecurity risk management processes, and it helps to regulate automotive products across the complete product lifecycle - from concept through design, production, maintenance and decommissioning.
Adhering to these standards, Microchip Technology’s corporate processes associated with specific automotive work products have recently been audited and certified by UL Solutions as compliant with ISO/SAE 21434.
Developed by the International Organization for Standardization (ISO) in conjunction with the Society of Automobile Engineers (SAE) International, the ISO/SAE 21434 standard is intended to help organisations define cybersecurity policies and manage risk.
Described as very demanding, the specification has 45 security categories, known as work products, each of which specifies a unique set of requirements that encompass all aspects of designing electrical and electronic systems for road vehicles, from ICs and software to firmware and libraries.
The ISO/SAE 21434 designation also confirms that a certified corporate cybersecurity management system is in place. This verifies that cybersecurity is a priority focus at the organisation, from executive leadership to all organisational disciplines including the design, test, product, applications, marketing, quality, verification and validation teams.
Stakeholders involved in the product lifecycle are required to complete cybersecurity training and meet designated qualifications. A Threat Analysis and Risk Assessment (TARA) methodology is also incorporated at multiple stages of the product lifecycle when devices will be integrated into automotive cybersecurity-related platforms.
“Security is a core pillar at Microchip and the ISO/SAE 21434 certification is proof of our dedication to maintaining high standards in automotive cybersecurity,” said Matthias Kaestner, corporate vice president of Microchip's automotive business. “Our customers can be confident that Microchip is a trusted security advisor with the appropriate expertise to guide them through their automotive cybersecurity design journey.”
While each OEM is responsible for proving compliance at the vehicle level, ISO/SAE 21434 encourages all companies in the production ecosystem to play a role in proactively helping manage cybersecurity threats.
Customers utilising electronic control units that incorporate Microchip’s security products, designed within the ISO/SAE 21434 certified process framework, will no longer have to review thousands of pages of process documentation to determine compliance. This reduces the burden placed on Tier-1s and OEMs to prove they have a strong foundation in security.