ISO21434 Automotive Cyber Security Red Belt Certification

Course Identifier:  e31-001

During the two-day training program you will become familiar with relevant cyber security terminology and activities, you get an excellent understanding of the ISO21434 Standard and you will learn to apply your new knowledge and skills within the practice of your own organization. 
On the third day, an optional final exam can verifiy and demonstrate your new skills.

Our course is structured based on a top-down approach allowing trainees to book one or multiple days tailored to their needs. However, the exam given the third day requires that all training days (1-to-2) have been followed by the trainee.

Find locations by city and dates.


Day 1 – ISO21434 – Introduction to general cyber security and CSMS

Introduction to general cyber security

  • Trends & threats
  • Primitives
  • Principles
  • Technologies and algorithms

ISO21434 Overview

  • Alignment with FuSa (ISO26262)
  • Purposes
  • Framework

Overall Cyber Security Management (Clause5)

  • Governance
  • Culture
  • Risk Management
  • Audit
  • Information sharings
  • QMS / ISMS

Project dependent Cyber Security Management (Clause 6)

  • Tailoring of activities
  • Reuse / Component out of context / COTS
  • CS Planning
  • CS Case
  • Release for post-development

Continuous CS activities (Clause 7)

  • CS monitoring
  • CS event assessment
  • Vulnerability analysis / management

Distributed CS activities (Clause 15)

  • Supplier capabilities
  • Request for Quotations
  • Cybersecurity Interface Agreement for Development (CIAD)


    Day 2 – ISO21434 – Applying the standard from the concept phase to the decommissioning

    Risk Assessment Methods (Clause 8)

    • Asset Identification
    • Threat scenario identification
    • Impact analysis
    • Attack path analysis
    • Attack Feasibility Analysis
    • Risk Determination
    • Risk Treatment

    Concept Phase (Clause 9)

    • CS Relevance
    • Item Definition
    • Threat Analysis and Risk Assessment (TARA)
    • CS Goals
    • CS claims
    • CS Concept
    • Cybersecurity Assurance Levels (CAL)

    Product Development (Clause 10-11)

    • Introduction to Design / specification activities
    • Cyber security requirements (incl. SW-specific ones)
    • Secure Hardware (principles, technologies examples…)
    • Secure SW principles (principles, technologies examples…)
    • Introduction to verification / integration activities
    • Cybersecurity testing
    • Validation at Vehicle Level & Release for Post-Development

    Post-development phases (Clause 12-14)

    • Production (Production control plan, intro to IEC62443…
    • Operation & Maintenance (Incident-response, updates…)
    • Secure decommissioning

    Training summary


    Day 3 – Certification exam

    The exam will be taken at the end of the course.

    In case the individual trainee achieves a minimum of 75% of the total score he/she will receive a certificate valid for a period of 3 years.

    In case of non-achievement of the minimum score he/she will receive a confirmation of participation.

    Upon the agreement of the individual we publish his/her certificate and validity on our registry accessible through our website.

    Please find our additional resources below:


    Person certification process


    Terms and conditions for trainings