ISO21434 Automotive Cyber Security Red Belt Certification

Course Identifier:  e31-001

CertX’s Cyber Security team developped this program to provide complete cyber security training course based upon the ISO21434 standard for Road Vehicle Cyber Security. During the two-day training program you will become familiar with relevant cyber security terminology and activities, you get an excellent understanding of the ISO21434 Standard and you will learn to apply your new knowledge and skills within the practice of your own organization. 
The thirth day, a final exam can consolidate and validate your new skills.

Our course is structured based on a top-down approach allowing trainees to book one or multiple days tailored to their needs. However, the exam given the fifth day requires that all training days (1-to-2) have been followed by the trainee.

Find locations by city and dates.


Day 1 – ISO21434 – Introduction to general cyber security and CSMS

Introduction to general cyber security

  • Trends & threats
  • Primitives
  • Principles
  • Technologies and algorithms

 ISO21434 Overview

  • Alignment with FuSa (ISO26262)
  • Purposes
  • Framework

 Overall Cyber Security Management (Clause5)

  • Governance
  • Culture
  • Risk Management
  • Audit
  • Information sharings
  • Confirmation measures

 Project dependent Cyber Security Management (Clause 6)

  • Tailoring of activities
  • System / Component out of context
  • Planning
  • Case

 Post-development Phase (Clause 10-13)

  • Production
  • Operation
  • Maintenance
  • Decommissioning


    Day 2 – ISO21434 – Applying the standard from the concept phase to the validation

    Concept Phase (Clause 8)

    • Cybersecurity Relevance
    • Item Definition
    • Threat Analysis and Risk Assessment (TARA)
    • Cybersecurity Goals
    • Cybersecurity Concept
    • Cybersecurity Assurance Levels (CAL)

    Risk Assessment Methods (Clause 7)

    • Asset Identification
    • Vulnerability Analysis
    • Attack Feasibility Analysis
    • Risk Determination
    • Risk Treatment

    Product Development I (Clause 9)

    • Introduction to Design & Verification
    • Cyber security requirements
    • Cyber security design and controls
    • Hardware development (model, design principles…)
    • Software development (design principles, compliance, integration, testing…)
    • Validation at Vehicle Level & Release for Post-Development (validation, assessment…)

    Supporting Processes (Clause 14)

    • Quality Management System
    • Change Management
    • Documentation Management
    • Configuration Management
    • Requirements Management
    • Tool Management
    • Distributed Cyber Security Activities


    Day 3 – Exam

    The exam will be taken at the end of the course.

    In case the individual trainee achieves a minimum of 75% of the total score he/she will receive a certificate valid for a period of 3 years.

    In case of non-achievement of the minimum score he/she will receive a confirmation of participation.

    Upon the agreement of the individual we publish his/her certificate and validity on our registry accessible through our website.

    Please find our additional resources below:


    Person certification process


    Terms and conditions for trainings