Supply Chain Strategies | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

There are multiple possible strategies to secure the supply chain. And securing the supply chain is mandated both by the WP.29 regulation and by the ISO/SAE 21434 standard.

The ISO/SAE standard even offers specific strategies on how to secure the supply chain.

The first one is that as part of the supplier evaluation by the OEM, the supplier would provide the OEM with a cybersecurity record of capability. This record will include various evidence on the cybersecurity quality of the supplier, including the overall cybersecurity management system with regards to the vehicles’ automotive security, the overall information security management of the supplier, and evidence of past cybersecurity assessments of the supplier.

The second strategy is that as part of the contractual agreement between the supplier and the OEM, a cybersecurity interface for development will be included. This agreement will list the overall division of responsibilities between the supplier and the OEM throughout the vehicle lifecycle from development to production and post-production.

There is not one method in how to do that, therefore, the important thing is to actually define how responsibilities will be shared and divided. One possible model for doing that is called RASIC, which stands for Responsible, Approve, Support, Inform, and Consult.

Implementing this model throughout the vehicle lifecycle in post-production, for example, can include the supplier monitoring for ongoing vulnerabilities regarding its component throughout the vehicle lifecycle. Once a new vulnerability is detected, it will be assessed using TARA by the supplier, and if the risk level justifies it, the supplier will inform the OEM.

The OEM will then consult the supplier if a fix is required, the supplier will develop and test the fix, and then the OEM will test the fix. And once the fix is approved, it will be deployed as a FOTA to the vehicles.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Don’t wait for warranty claims to pile up

Don’t wait for warranty claims to pile up. Using your connected vehicle data, repair order trends, and DTC analytics you can detect patterns before they…

More Details

Too many claims, not enough time

Too many claims, not enough time. Upstream helps you cut through the noise with AI-powered prioritization: ranking issues by impact, predicted cost, and severity so…

More Details

Speed matters when quality claims hit

Speed matters when quality claims hit. With Upstream’s proactive quality detection, you can accelerate root cause analysis by seeing every vehicle in full context: claims,…

More Details

Turn complex vehicle data into instant answers

Turn complex vehicle data into instant answers with Upstream’s Ocean AI. See how “talking to your data” makes analysis simple. Ask questions, spot issues, set…

More Details

프랑스어 요약 – 모빌리티와 IoT의 미래 보안 및 강화

업스트림은 커넥티드 카, IoT, 스마트 모빌리티 데이터의 잠재력을 극대화합니다. 업스트림의 데이터 관리 플랫폼은 진화하는 사이버 위험으로부터 모�

More Details

모빌리티 분야의 사이버 위협에 대한 정보

실행 가능한 수정 권장 사항에 뒷받침된 실행 가능한 장치별 분석을 통해 모빌리티 위협 환경에 대한 탁월한 가시성을 확보하세요.

More Details
Skip to content