
Supporting Processes

ISO/SAE 21434 defines a set of supporting processes that complement the main lifecycle activities. These processes ensure that cybersecurity practices are consistent, repeatable, and auditable across projects, suppliers, and vehicle platforms.

Objectives

  • Provide organizational and technical support for cybersecurity activities.
  • Enable traceability and evidence generation throughout the lifecycle.
  • Support collaboration between OEMs, suppliers, and other stakeholders.
  • Ensure that improvements and lessons learned are systematically applied.

Supplier & Third-Party Management

Modern vehicles depend on a global supply chain. ISO/SAE 21434 requires that cybersecurity responsibilities are clearly allocated and that evidence is exchanged between OEMs and suppliers:

  • Include cybersecurity requirements in contracts and specifications.
  • Perform assessments and audits of suppliers where appropriate.
  • Share necessary TARA results, requirements, and test evidence.

Configuration & Change Management

Effective configuration and change management are essential to ensure that cybersecurity is not compromised as designs evolve:

  • Maintain baselines for requirements, designs, and software builds.
  • Evaluate the cybersecurity impact of every change request.
  • Document rationale and test results for changes affecting security.

Documentation & Work Products

The standard requires production of work products as evidence that processes were followed and risks were treated. These include:

  • TARA results and cybersecurity goals.
  • Requirements specifications and traceability matrices.
  • Verification, validation, and test reports.
  • Incident response and vulnerability management records.

Continuous Improvement

Cybersecurity is an evolving discipline. Organizations must integrate lessons learned from field incidents, vulnerability research, and audits to continually improve their processes and products:

  • Feedback loops from incidents and vulnerabilities.
  • Updates to TARA methods and risk criteria.
  • Training and competence updates for engineering teams.

Cross-Standard Alignment

Supporting processes also ensure alignment with related standards:

  • ISO 26262 for functional safety coordination.
  • ISO 24089 for software update engineering.
  • UNECE R155 for organizational CSMS compliance.

Outputs of Supporting Processes

  • Supplier agreements and evidence packages.
  • Configuration management records.
  • Change impact analyses and approval records.
  • Work products required for audits, type approval, and internal assurance.
  • Continuous improvement action plans.

Disclaimer: This page provides a summary of the supporting processes defined in ISO/SAE 21434. For detailed requirements and mandatory work products, refer to the official ISO/SAE 21434:2021 standard.