Implementing and Testing Cybersecurity – An IATF 16949 Requirement
IATF 16949 requires the organization to conduct periodic Cybersecurity testing and conduct vulnerability assessments. These are not just focused in the offices for Design and Corporate, but extend to manufacturing systems as well. Omnex recommends that organizations consider a management systems’ approach versus an ad hoc approach when implementing Cybersecurity. ISO 27001 – IT Security looks at both Cybersecurity, i.e., external threats and internal threats and takes a comprehensive approach to implementing IT and Cybersecurity. In fact, the IATF FAQ on Cyberattacks, recommends an ISO 27001 approach.
The good news is that ISO 27001 adopts the High Level Structure of IATF 16949 and ISO 14001 and can be integrated into the same management system. The differences are in the required risk analysis and vulnerability analysis and applying controls to mitigate the risk. This is where NIST SP 800 series of standards come into play. NIST Standards are a requirement if you deal with the US Government. Omnex, who is ISO 27001 certified, is applying NIST SP 800-53 with its 256 controls. This though a requirement from Omnex top management was also required by an important customer.
When looking at vulnerability and testing, three types of tests need to happen – Enterprise, IOT, and Manufacturing. Find out what these are and the tools typically used. Then after, risk owners and risk controls need to be considered. So testing is important, but risk treatment and controls are even more important.
Related Training
Upcoming Webinar: TISAX and applications to EVAV (Electric and Autonomous Vehicles)
Speakers:
Kumar Sivan, Marc Atayi
Date and Time:
Mar 26 2024 11:00AM EST
RegisterUpcoming Webinar: Key Changes in the New APQP 3rd Edition and Control Plan 1st Edition Manuals
Speakers:
Dave Watkins, Gregory Gruska, Mary Rowzee, Michael Down
Date and Time:
Apr 4 2024 11:00AM EST
RegisterUpcoming Webinar: ASPICE 4.0 seen from a HWE view
Speakers:
Micael Edvardsson
Date and Time:
Apr 16 2024 8:30AM EST
Register