Skip to content
Exeleo.tech – your best partner for automotive safety and cybersecurity
  • Home
  • About
  • Services
  • Blog
  • Contact
Request Quote
Request Quote
Exeleo.tech – your best partner for automotive safety and cybersecurity
  • Home
  • About
  • Services
  • Blog
  • Contact

ISO 26262 – what is that?

The ISO 26262 series of standards is the adaptation of IEC 61508 series of standards to address the sector specific […]

ISO 26262 – what is that? Read More »

FuSa

What is SOTIF?

Coming soon

What is SOTIF? Read More »

SOTIF

Copyright © 2025 Exeleo.tech - your best partner for automotive safety and cybersecurity | Powered by exeleo.tech | Privacy policy

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferencje
Przechowywanie lub dostęp techniczny jest niezbędny do uzasadnionego celu przechowywania preferencji, o które nie prosi subskrybent lub użytkownik.
Statistics
Przechowywanie techniczne lub dostęp, który jest używany wyłącznie do celów statystycznych. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
15. Threat analysis and risk assessment methods (TARA)

This part contains:

  • Process description for TARA
  • Template with examples for [WP-09-02] TARA which covers:
    • [WP-15-01] Damage scenarios
    • [WP-15-02] Assets with cybersecurity properties
    • [WP-15-03] Threat scenarios
    • [WP-15-04] Impact ratings with associated impact categories
    • [WP-15-05] Attack paths
    • [WP-15-06] Attack feasibility ratings
    • [WP-15-07] Risk values
    • [WP-15-08] Risk treatment decisions
  • Verification review checklist for TARA (and all listed WPs)
14. End of cybersecurity support and decommissioning

This part contains:

  • Process description for end of cybersecurity support and decommissioning
  • Guideline with best practices for:
    • [WP-14-01] Procedures to communicate the end of cybersecurity support
13. Operations and maintenance

This part contains:

  • Process description for operations and maintenance
  • Template with examples for:
    • [WP-13-01] Cybersecurity incident response plan
  • Verification review checklists for [WP-13-01]
12. Production

This part contains:

  • Process description for production phase
  • Guideline with best practices for:
    • [WP-12-01] Production control plan
  • Verification review checklists for [WP-12-01]
11. Cybersecurity validation

This part contains:

  • Process description for cybersecurity validation
  • Template with examples for:
    • [WP-11-01] Validation report
  • Verification review checklists for [WP-11-01]
10. Product development phase

This part contains:

  • Process description for product development phase
  • Guideline with best practices for:
    • [WP-10-01] Cybersecurity specifications
    • [WP-10-02] Cybersecurity requirements for post-development
    • [WP-10-03] Documentation of the modelling, design, or programming languages and coding guidelines
    • [WP-10-05] Weaknesses found during product development
    • [WP-10-06] Integration and verification specification
  • Template with examples for:
    • [WP-10-04] Verification report for the cybersecurity specifications
    • [WP-10-07] Integration and verification report
  • Verification review checklists for [WP-10-01], [WP-10-03], [WP-10-05], [WP-10-06] and [WP-10-07]
9. Concept phase

This part contains:

  • Process description for concept phase
  • Guideline with best practices for:
    • [WP-09-03] Cybersecurity goals
    • [WP-09-04] Cybersecurity claims
  • Template with examples for:
    • [WP-09-01] Item definition
    • [WP-09-02] TARA
    • [WP-09-05] Verification report for cybersecurity goals
    • [WP-09-06] Cybersecurity concept
    • [WP-09-07] Verification report of cybersecurity concept
  • Verification review checklists for [WP-09-01] and [WP-09-02]
5. Organizational cybersecurity management

This part contains:

  • Process description for cybersecurity management
  • Guideline with best practices for:
    • [WP-05-01] Cybersecurity policy, rules and processes
    • [WP-05-03] Evidence of the organization’s management systems
  • Template with examples for:
    • [WP-05-02] Evidence of competence management, awareness management and continuous improvement
    • [WP-05-04] Evidence of tool management
    • [WP-05-05] Organizational cybersecurity audit report
  • Verification review checklists for [WP-05-01], [WP-05-02] , [WP-05-03]  and [WP-05-04]

 

6. Project dependent cybersecurity management

This part contains:

  • Process description for cybersecurity project management
  • Template with examples for:
    • [WP-06-01] Cybersecurity plan
    • [WP-06-02] Cybersecurity case
    • [WP-06-03] Cybersecurity assessment report
    • [WP-06-04] Release for post-development report
  • Verification review checklists for [WP-06-01], [WP-06-02] and [WP-06-04]
7. Distributed cybersecurity activities

This part contains:

  • Process description for cybersecurity activities distribution
  • Guideline with best practices for:
    • Supplier capability
    • Request for quotation
  • Template with examples for:
    • [WP-07-01] Cybersecurity interface agreement
  • Verification review checklist
8. Continual cybersecurity activities

This part contains:

  • Process description for continual cybersecurity activities
  • Guideline with best practices for:
    • [WP-08-01] Sources for cybersecurity information
    • [WP-08-02] Triggers
    • [WP-08-03] Cybersecurity events
    • [WP-08-04] Weaknesses from cybersecurity events
    • [WP-08-05] Vulnerability analysis
  • Template with examples for:
    • [WP-08-06] Evidence of managed vulnerabilities
  • Verification review checklists for all work products
4. General considerations

This part contains:

  • General ISO21434 purpose
  • Cybersecurity risk management overview
  • Relationships between item, cybersecurity assets, goals etc.
Send us a message!
Loading
Scroll to Top