Implementing Automotive Cybersecurity in the Supply Chain – Best Practices

by Chad Kymal, Dr. Juan Pimentel, Vignesh Sambandan, published on December 28, 2023

The international automotive cybersecurity standard ISO/SAE 21434 and the European regulations R155 and R156 have been in effect for over a year. Currently, automotive organizations are quite busy implementing these standards and regulations, which are turning out to be more challenging than originally thought. Fortunately, a single organization is not expected to implement all of the requirements of these standards and regulations by itself. Rather, the responsibilities are shared by all organizations linked in the automotive supply chain. Having recommended and helped customers with multiple implementations of ISO/SAE 21434, together with R155 and R156, Omnex has developed several best practices that will be shared in this webinar. The best practices will cover the differences in responsibilities among OEM, Tier 1, and Tier 2 organizations, the importance of a detailed CIA (cybersecurity interface agreement), what is in and out of scope in a cybersecurity project, the early characterization of a testing environment, the consideration of the latest attack trends, and the leveraging of supplementary cybersecurity standards.

Watch the webinar recording to find out how to best implement the standards, requirements, and regulations.


Chad Kymal

Chad Kymal is the CTO and Founder of Omnex Inc. He is the author of seven books and more than 100 papers, including several on integrated management systems. Chad is currently on the writing committees for several standards, including TC 22/SC 32/WG 8 for ISO 26262 (Functional Safety), ISO/TC 176 for ISO 9001:2015 (Quality Management), ISO/TC 207 for ISO 14001:2015 (Environmental Management), and PC283 for ISO 45001 (Health and Safety Management Systems). He founded and was the CEO of an Automotive registrar for over 10 years and is familiar with conducting audits, being witnessed for audits, and evaluating auditors and assessors. He authored and teaches a course for 3rd Party Auditors for Automotive Registrars on behalf of the International Automotive Certification Bodies Association (IACBA). This course explains how 3rd Party Auditors audit IATF 16949 in an environment that includes ASPICE, Functional Safety and Product Cybersecurity. He is currently rolling out the course to global 3rd Party Auditors for IATF 16949. Chad has spent over 20 years in system, hardware and software development in various capacities. He assesses and works in automotive system, hardware and software for Agile, ASPICE, and Functional Safety ISO 26262. Chad is also currently an intacs™ certified Principal Assessor for Automotive SPICE.