Cybersecurity Plan Template (acc. to ISO/SAE 21434:2021) [Customizable Word/Excel file]


Along ISO/SAE 21434 Road Vehicles - Cybersecurity Engineering, the Cybersecurity Plan is a fundamental work product necessary for orchestrating all cybersecurity activities throughout the development lifecycle of vehicles and its components. As a key work product that lays the foundation for effective cybersecurity engineering in automotive and vehicle development. This plan is crucial for ensuring that all relevant cybersecurity activities are planned, executed and documented. Proper preparation and elaboration of the Cybersecurity Plan are essential, as this document lays the foundation for all cybersecurity-related efforts. Therefore, it is advisable for those responsible to have a professional approach to this task established and applied – for example, in the form of our professional template.

By using our template (incl. customizable Word file, a corresponding checklist + an additional Work Product Task Plan template as Excel file), teams can ensure that their Cybersecurity Plan is comprehensive, structured, and in line with the ISO/SAE 21434 standard, thereby improving the cybersecurity posture of automotive products.

Important: The Cybersecurity Plan (in ISO/SAE 21434:2021, Clause 9 it is [WP-06-01]) is a mandatory work product to ensure compliance with ISO/SAE 21434.


Information about this template
By purchasing the Cybersecurity Plan template offered here, you will receive working materials designed to simplify the creation and management of this work product.

This template Cybersecurity Plan consists of three documents:

  • An open Word template file (file format: .dotx, open file) for the elaboration of the work product
  • A supplementary checklist as Excel template file (file format: .xltx, open file) including a short instruction on how to use it during the development of the work product
  • A Work Product Task Plan as additional Excel template file (file format: .xltx, openfile) for planning and tracking all Cybersecurity relevant work products in a development project
This template includes extensive information and explanations about the work product Cybersecurity Plan in general, as well as the exact procedure for its custom/tailored development.



The Word template file is designed to facilitate the complete processing of the Cybersecurity Plan according to a predefined structure. The template file is an open working document that can be filled individually according to the associated instructions. All essential information can be entered along predefined sections, as provided for by the work product in the proper formulation.



Within the Checklist Excel file you will also find brief instructions with explanations of how to work with the checklist and the associated working methods in your organization-specific context.


The Cybersecurity Work Product Task Plan (provided as an open Excel file) provides you with a simple basis for identifying and tracking cybersecurity-relevant work products (in accordance with ISO/SAE 21434) within a development project in the form of a dedicated tracking document, which makes it easier for you to monitor your elaborations and ensure compliance with ISO/SAE 21434 in the project. (Includes a short explanation on how to fill in the document).


Benefits of using our Word/Excel template as an ISO/SAE 21434 template for your project

The Cybersecurity Plan is a key work product that describes the project level specific cybersecurity activities for a (vehicle/automotive) development project. It provides details and interdependencies with internal and external partners on a project. The Cybersecurity Plan document is created for the project level and hence can be considered as complementary to a given Cybersecurity Management System (CSMS) which is created at organizational level. The Cybersecurity Plan serves as a reference for decision-making and helps with alignment between customers/suppliers regarding scope and requirements around cybersecurity implementations. As a "living" document, the Cybersecurity Plan is intended to be a comprehensive source of information (also required as a dedicated Work product by ISO/SAE 21434) to track in detail the dependencies, resources, responsibilities and the progress of the implementation of cybersecurity activities (with their respective levels of maturity) along all phases of the lifecycle.

Using this Cybersecurity Plan template offers you the following benefits:

- Ensuring conformity with the requirements of ISO/SAE 21434
- Providing overview of required cybersecurity activities and supporting reasonable time and effort estimations
- Utilization of best-practice know-how from the real vehicle development projects
- Simplification of documentation and associated preparation processes
- More efficient working methods in proper and correct preparation
- Promoting cooperation between different disciplines and, if necessary, across organizations between suppliers and OEMs


Supplementary information on Cybersecurity Plan along the ISO/SAE 21434

How do you track and monitor everything that is required in terms of cybersecurity in an automotive/vehicle development project? This question needs special attention, especially with regard to the entire lifecycle, all resources involved, all responsibilities (and much more).

The Cybersecurity Plan, as required by ISO/SAE 21434, provides a structure for tracking all cybersecurity activities in development projects that fall under the relevance criteria of automotive cybersecurity.

Purpose of the Cybersecurity Plan
In every vehicle development-specific development project, project-specific cybersecurity management must be carried out, not least with the help of the Cybersecurity Plan as a dedicated work product of the ISO/SAE 21434 standard. Whether referencing the actual project plan or included in the project plan, the Cybersecurity Plan (which is continuously updated incrementally during the project) has the task of ensuring the following aspects:

  • Holistic overview, comprehensive planning and documentation of realization of cybersecurity activities in an automotive development project (according to the requirements of ISO/SAE 21434)
  • Meeting the demands of creating an overview and ensuring communication regarding the responsibilities and accountabilities for cybersecurity activities in a development project
  • Creation of a continuously maintained source of information for all dependencies, personnel responsibilities, resource requirements and further information on activities and work products
  • Dedicated tracking of progress in cybersecurity activities through the incrementally maintained Cybersecurity Plan document
Content of the Cybersecurity Plan
According to ISO/SAE 21434 the Cybersecurity Plan should include at least the following:
  • objective of an [cybersecurity] activity,
  • dependencies on other activities or information;
  • personnel responsible for performing an activity;
  • required resources for performing an activity;
  • starting point or end point, and the expected duration of an activity; and
  • identification of the work products to be produced.

Who is the template Cybersecurity Plan for?

Our template Cybersecurity Plan is aimed at a broad spectrum of professionals in the automotive and vehicle development industry, both on the OEM and supplier side, as well as experts involved (service providers, consultancies, freelancers, etc.). In view of the interdisciplinary challenges and the need for comprehensive cooperation, the target group includes in particular those involved in working practice in the following domains:

  • Cybersecurity managers: Professionals who are responsible for overseeing the overall cybersecurity strategy and implementation.
  • Project managers and Project leaders: People responsible for overseeing new products/development projects, including compliance with (cybersecurity) standards and coordination between different teams and organizations.
  • Quality managers and Risk Management Officers: Professionals who ensure that the development results meet the defined quality standards and safety requirements and (cybersecurity) risks are identified and managed accordingly.
  • System engineers/system architects: Specialists responsible for the preliminary system architecture and the definition of system boundaries, who also need to understand how cybersecurity considerations are integrated.
  • Software developers and Software architects: Those who design and implement the expected functionalities of the product.
  • Hardware engineers: Specialists who are involved in the development of the physical components of the system and ensure their integration into the overall system.
  • Cybersecurity specialists: Professionals who deal with the identification of potential security threats and the development of appropriate protective measures.
  • Cybersecurity and functional security consultants: External experts who support companies in the implementation of security standards and practices.
In addition, the template is also relevant for cooperation between business partners at all levels who supply components and systems that are integrated into larger vehicle systems.

The Word/Excel template thus serves as a valuable tool to effectively overcome the challenges of incomplete information, changing organizational/project-related circumstances and capturing all relevant cybersecurity aspects.


FAQs

Q: Who is the template for the Cybersecurity Plan intended for?
The template Cybersecurity Plan is designed for a wide range of professionals in the automotive and vehicle development industry, including cybersecurity managers, project managers, quality managers, systems engineers, sw/hw engineers and developers, cybersecurity specialists, and cybersecurity and functional safety consultants.

Q: What does the template contain?
The template includes predefined sections for all essential information that must be recorded as part of the Cybersecurity Plan, including Project dependent Cyberecurity Management, Distributed Cybersecurity activities, Continual Cybersecurity activities, Concept, Product Development, and more.

The scope of delivery includes:
(1) An open Word file (as an open Word template file with branding of CYRES Consulting),
(2) a supplementary checklist (as an open Excel template file with branding of CYRES Consulting),
(3) and an additional Work Product Task Plan template (as an open Excel template file with branding of CYRES Consulting).

Q: How does the template help with ISO/SAE 21434 compliance?
The template is specifically designed to meet the requirements of ISO/SAE 21434. It provides a structured approach to create a Cybersecurity Plan document, facilitates the identification and documentation of security risks and supports the systematic collection and management of information relevant to cybersecurity engineering.

Q: Can the template be adapted to specific project requirements?
Yes, the template is designed to be flexible and can be adapted to the specific requirements of your project. It serves as a starting point that can be expanded and modified as required to reflect the uniqueness of each development project.

Q: How does the template support interdisciplinary collaboration?
The template promotes collaboration between different disciplines by providing a common framework for documentation and the exchange of information. It facilitates communication between system engineers, software and hardware teams and security experts and helps all parties involved to develop a common understanding of the product's cybersecurity requirements.

Q: Are supplementary training courses or introductions to the Cybersecurity Plan available?
Around the entire topic area of cybersecurity development along ISO/SAE 21434, you will find introductions and training materials to help you get started with the template and ensure you realize its full potential on the CYRES Academy online training platform (e.g. Cybersecurity Plan - Video course). These resources are designed to provide you with an advanced understanding of the structure and purpose of the various work products around ISO/SAE 21434. For individual training needs or consulting support with the template, please contact us.

Q: What happens if my project has very specific or unique requirements?
The template is designed as a general and flexible tool that can be adapted to a wide range of project requirements. If you encounter specific challenges that are not directly addressed in the template, we recommend that you complete the extensions and adaptations yourself based on the given structures or contact our experts to discuss customized solutions or adaptations.

Q: How is support provided after purchasing the template?
Please note that the purchase of the Cybersecurity plan template as a stand-alone digital product does not entitle you to support for the actual work and implementation of the work product. After purchasing the template, you will automatically receive the purchased files digitally. Possible questions regarding technical support or questions regarding the application and customization of the template as well as the solution of specific challenges that may arise during use are not part of the scope of delivery. However, our aim is to ensure that you can use the template effectively for your project requirements by including extensive explanations on how to handle the documents.

Q: How is the template updated to keep pace with new developments?
Please note that you will receive this template as a digital product at the time of purchase; regular updates are not part of the purchase contract. Currently (2024), the present template complies with the latest requirements and best practices of ISO/SAE 21434:2021 (the "First Edition", published in 2021) and is based on real project work in the vehicle development context.