ISO/SAE 21434 TEMPLATES PACKAGE

Cybersecurity is a new topic for the automotive industry.
Drive
sec helps OEMs and Tier 1 companies to be
compliant with UNECE R 155 and ISO/SAE 21434, with a
complete set of templates for required work products. Find the
Drivesec full templates package for ISO/SAE 21434 compliance.
Contact us

Templates Package

ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Cybersecurity governance WP-05-01 Cybersecurity policy, rules and processes Cybersecurity Management System
Cybersecurity culture WP-05-02 Evidence of competence management, awareness management and continuous improvement
Management systems WP-05-03 Evidence of the organization’s management systems
Management systems WP-05-03 Evidence of the organization’s management systems
Organizational cybersecurity audit WP-05-05 Organizational cybersecurity audit report
Organizational cybersecurity audit WP-05-05 Organizational cybersecurity audit report Cybersecurity Questionnaire
Tool management WP-05-04 Evidence of tool management Cybersecurity Tools Report
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Cybersecurity planning WP-06-01 Cybersecurity plan Cybersecurity Plan
Release for post-development WP-06-04 Release for post-development report
Cybersecurity case WP-06-02 Cybersecurity Case Cybersecurity Case
Cybersecurity assessment WP-06-03 Cybersecurity assessment report Cybersecurity assessment report
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Alignment of responsibilities WP-07-01 Cybersecurity interface agreement Cybersecurity Interface Agreement
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Cybersecurity monitoring WP-08-01 Sources for cybersecurity information Continual Cybersecurity Activities
Cybersecurity monitoring WP-08-02 Triggers
Cybersecurity monitoring WP-08-03 Cybersecurity events
Cybersecurity event evaluation WP-08-04 Weaknesses from cybersecurity events
Vulnerability analysis WP-08-05 Vulnerability analysis
Vulnerability management WP-08-06 Evidence of managed vulnerabilities
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Item definition WP-09-01 Item definition Cybersecurity Item definition
Cybersecurity goals WP-09-02 TARA Threat Analysis and Risk Assessment
Cybersecurity goals WP-09-03 Cybersecurity goals Cybersecurity Concept
Cybersecurity goals WP-09-04 Cybersecurity claims
Cybersecurity concept WP-09-06 Cybersecurity concept
Cybersecurity goals WP-09-05 Verification report for cybersecurity goals Cybersecurity Verification Report
Cybersecurity concept WP-09-07 Verification report of cybersecurity concept
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Design WP-10-01 Cybersecurity specifications Cybersecurity Specification
Design WP-10-05 Weaknesses found during product development
Design WP-10-02 Cybersecurity requirements for post-development Cybersecurity requirements for post-development
Design WP-10-03 Documentation of the modelling, design, or programming languages and coding guidelines Secure coding guidelines
Design WP-10-04 Verification report for the cybersecurity specifications Cybersecurity Verification Report
Integration and verification WP-10-06 Integration and verification specification Cybersecurity Integration & Verification
Integration and verification WP-10-07 Integration and verification report
Cybersecurity validation WP-11-01 Validation Report Cybersecurity Validation Report
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Production WP-12-01 Production control plan Cybersecurity Production control Plan
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Cybersecurity incident response WP-13-01 Cybersecurity incident response plan Cybersecurity Incident Response Plan
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
End of cybersecurity support WP-14-01 Procedures to communicate the end of cybersecurity support Cybersecurity Interface Agreement
ISO Clause ISO WP-ID Work Product Name Drivesec Template name
Asset identification WP-15-01 Damage scenarios Threat Analysis and Risk Assessment
Asset identification WP-15-02 Assets with cybersecurity properties
Threat scenario identification WP-15-03 Threat scenarios
Impact rating WP-15-04 Impact ratings with associated impact categories
Attack path analysis WP-15-05 Attack paths
Attack feasibility rating WP-15-06 Attack feasibility ratings
Risk value determination WP-15-07 Risk values

Our expertise at your service

Work Product templates

The experience Drivesec gained in the field has led to the definition of a comprehensive set of models for each work product required by ISO 21434. The template package assists the organization in speeding up your compliance with the regulation.

Certification and audit support

Our templates are self-explanatory, accompanied by completion guidelines and examples, but in case you need help filling them out, we are your proactive partners! Our experts will be by your side to guide you through the entire process, including preparing for the audit. In addition, they are designed to be extensible to better suit your company.

Training on Cybersecurity

Drivesec offers training and competence development in the automotive cybersecurity field. The courses can be attended online or in-person (a hybrid solution can be requested as well) and the topic can be customized to customer needs (for example, they can focus on cybersecurity engineering for road vehicles e.g., UNECE WP.29 R 155 and R 156 regulations and ISO/SAE 21434 and ISO 24089 standard)

Cybersecurity Management System

For any new model type approval, OEMs must demonstrate the existence of a cybersecurity management system (CSMS) as required by UNECE R 155. We may provide you with the template and guidelines to produce this document as easily as possible.

Threat Analysis & Risk Assessment

Threat Analysis and Risk Assessment (TARA) is a crucial point in the design phase and, of course, in the certification process. The TARA template includes an automatic calculation of Risk level and CAL (Cybersecurity Assurance Level). Drivesec has specific expertise related this task, and we can support you through every step of this analysis.

Cybersecurity requirements

Threat Analysis and Risk Assessment (TARA) results are used to create a complete set of cybersecurity requirements and cybersecurity specifications, also taking into consideration post-production operations. Our team of experts can use the most widely used document and requirements management systems.
Want to know more about our templates package and how Drivesec can help your company? Talk with one of our specialists and get a quote!

Fill out the form to get in touch with one of our representatives.