As cybersecurity measures in the automotive industry continue to advance, “auditing organizations” in accordance with ISO/SAE 21434:2021 has become a major issue.

However, if “how exactly to proceed” remains unclear, the risk of cyber-attack threats increases. Generally, it is often thought that “quality control department” is in charge of internal audits, but in reality, it is essential for “audited organizations” themselves to play a certain role to ensure the effectiveness of CSMS (Cyber Security Management System) and to realize smooth audits.
Learn practical know-how on how to proceed with internal audits necessary for effective operation of CSMS, and take the first step toward establishing cyber security for your entire organization.

Internal audits based on the ISO/SAE 21434 standard are essential for maintaining and improving the cyber security of embedded products, including automobiles, and their management systems (CSMS).
To address the importance of software in the automotive industry and the increasing sophistication of cyber attacks, vulnerabilities must be managed throughout the lifecycle from development to disposal. Early detection of risks and security can be achieved through continuous auditing and improvement across the entire enterprise in collaboration with multiple departments, including not only the quality department but also “non-audit organizations.

For organizations that have established a cyber security management system (CSMS) in the automotive industry, internal audits are essential as part of evaluation activities (C: Check in the PDCA cycle). In order to conduct these audits effectively, it is essential to have a basic knowledge of the management system activities operated by the organization to be audited (audited organization).
This section introduces basic knowledge of the management system activities of the audited organization, which is indispensable for smooth implementation of internal audits.