Microchip earns ISO/SAE 21434 Road Vehicle certification

The ISO/SAE 21434 standard has emerged to set requirements for road vehicle cyber security risk management processes. These cyber security requirements help regulate automotive products across the complete product lifecycle – from concept through design, production, maintenance, and decommissioning. Adhering to these standards, Microchip Technology’s corporate processes associated with specific automotive work products have recently been audited by a third party, UL Solutions, and certified as compliant to ISO/SAE 21434. 

Developed by the International Organization for Standardization (ISO) in conjunction with the Society of Automobile Engineers (SAE) International, the ISO/SAE 21434 standard was developed to help organisations define cyber security policies and manage risk.

It is a demanding specification with 45 security categories, known as work products, each of which specifies a unique set of requirements that encompass all aspects of designing electrical and electronic systems for road vehicles, from ICs and software to firmware and libraries.

The ISO/SAE 21434 designation also confirms that a certified corporate cyber security management system is in place. This verifies that cyber security is a priority focus at the organisation, from executive leadership to all organisational disciplines including the design, test, product, applications, marketing, quality, verification, and validation teams. Stakeholders involved in the product lifecycle are required to complete cyber security training and meet designated qualifications. A Threat Analysis and Risk Assessment (TARA) methodology is also incorporated at multiple stages of the product lifecycle when devices will be integrated into automotive cyber security-related platforms.

“Security is a core pillar at Microchip and the ISO/SAE 21434 certification is proof of our dedication to maintaining high standards in automotive cyber security,” said Matthias Kaestner, Corporate Vice President of Microchip's automotive business.

“Our customers can be confident that Microchip is a trusted security advisor with the appropriate expertise to guide them through their automotive cyber security design journey.”

While each OEM is responsible for proving compliance at the vehicle level, ISO/SAE 21434 encourages all companies in the production ecosystem to play a role in proactively helping manage cyber security threats. Customers utilising electronic control units that incorporate Microchip’s security products, designed within the ISO/SAE 21434 certified process framework, can be relieved of the arduous task of reviewing thousands of pages of process documentation to determine compliance. This reduces the burden placed on Tier-1s and OEMs to prove they have a strong foundation in security.