
ISO/TC 22 N 4006, ISO/NP PAS 5112 Road vehicles -- Guidelines for auditing cybersecurity engineering

Scope

This document provides guidance to organisations along the value chain on managing a cybersecurity management system (CSMS) audit programme, on conducting audits, on the competences of CSMS auditors, and on providing evidence during audits, in addition to the guidance contained in ISO 19011:2018. This is done with reference to ISO/SAE 21434.

This document is applicable to those needing to understand or conduct internal or external audits of a CSMS or to manage a CSMS audit programme.

Purpose

Though there are standards for auditing management systems for information security (e.g. ISO/IEC 27007), there are still no standards that address auditing cybersecurity management systems (CSMS) for road vehicles. To address road vehicle cybersecurity in a holistic way, a CSMS should cover the whole life cycle of road vehicles.

A standard for CSMS auditing gives guidance on auditing aspects of ISO/SAE 21434. With it, organisations across the automotive industry can conduct cybersecurity audits in the same way. This also ensures consistency of audit criteria, which are based on the requirements of ISO/SAE 21434. This is especially relevant where there is a high number of different auditors, audit clients, and auditees with different expectations, experiences and cultural backgrounds. One example of this is the upcoming UN regulation on Cybersecurity under the 1958 agreement of WP.29. An audit of an organization based on this document, with its relation to ISO/SAE 21434, can provide evidence for a compliant implementation of a CSMS as defined in the UN Regulation on Cybersecurity.

Further, this document can be taken as a baseline for the cybersecurity certification of organisations as expected in various customer-supplier relationships and legal frameworks (e.g. within the context of the EU Cybersecurity Act).

This document is also intended to clarify its relationship to the auditing of related management systems (e.g. ISMS, QMS).
