Microchip earns Certification in ISO/SAE 21434 road vehicle

The ISO/SAE 21434 standard has been established to outline requirements for managing cybersecurity risks associated with road vehicles. These cybersecurity requirements are designed to regulate automotive products throughout their entire lifecycle, from the initial concept to design, production, maintenance, and eventual decommissioning. Microchip Technology's corporate processes related to specific automotive work products have been audited by UL Solutions, a third party, and certified as compliant with the ISO/SAE 21434 standard.

The International Organization for Standardization (ISO) and the Society of Automobile Engineers (SAE) International collaborated to develop the ISO/SAE 21434 standard. It aims to assist organisations in defining cybersecurity policies and managing risk. This comprehensive specification encompasses 45 security categories, known as work products, each specifying a unique set of requirements that cover all facets of designing electrical and electronic systems for road vehicles, including integrated circuits, software, firmware, and libraries.

Achieving the ISO/SAE 21434 designation also confirms the presence of a certified corporate cybersecurity management system, underscoring the organisation's commitment to cybersecurity from the executive leadership down through all organisational disciplines, including design, test, product, applications, marketing, quality, verification, and validation teams. All stakeholders involved in the product lifecycle must undergo cybersecurity training and attain specified qualifications. Moreover, a Threat Analysis and Risk Assessment (TARA) methodology is implemented at various stages of the product lifecycle, particularly when devices are to be integrated into automotive cybersecurity-related platforms.

"Security is a fundamental pillar at Microchip, and achieving the ISO/SAE 21434 certification is evidence of our commitment to upholding high standards in automotive cybersecurity," stated Matthias Kaestner, corporate vice president of Microchip's automotive business.

"Our customers can rest assured that Microchip is a dependable security advisor, equipped with the necessary expertise to guide them through their automotive cybersecurity design journey."

While the responsibility for demonstrating compliance at the vehicle level lies with each Original Equipment Manufacturer (OEM), the ISO/SAE 21434 standard encourages all entities within the production ecosystem to proactively contribute to managing cybersecurity threats. Customers using electronic control units that incorporate Microchip’s security products, developed within the ISO/SAE 21434 certified process framework, are alleviated from the extensive task of sifting through thousands of pages of process documentation to ascertain compliance. This significantly reduces the burden on Tier-1 suppliers and OEMs to demonstrate a robust security foundation.