Sales and procurement in transition: Integration of cybersecurity

Adapting sales and purchasing processes to the new era of automotive cybersecurity

The specialized teams in sales and purchasing play a significant role within the automotive industry today when it comes to the new cybersecurity requirements. At the level of regulations and industry standards, cybersecurity has become such a driver that contractual relationships need to be adapted. In particular, the ongoing responsibility for cybersecurity in the operational phase (Continuous Cybersecurity Activities / Incident Management) requires unprecedented mutual dependency. New customer requirements and expectations affect sales and supplier selection. This is accompanied by numerous changes, such as a feasibility check when it comes to reuse, re-evaluations of suppliers, adjustments to procurement strategies and much more.

Learn about the impact of cybersecurity in the automotive as a Sales/Purchase member, and get the necessary knowledge to appropriately plan all stages of the sale/purchase process, as well as coordinate with the different stakeholders involved in the process to ensure cybersecurity best practices. Now you will find all learning content of the live training available as a video course series.

Advantages at a glance

  • Confidence in dealing with new customer requirements: Today, cybersecurity must be considered in quotation and contract designs with a view to feasibility, costs and timelines. The right understanding and associated skills to holistically integrate new customer requirements arising from cybersecurity into existing processes are essential. This enables sales and purchasing teams to better respond to customer needs and increase competitiveness in terms of cybersecurity.
  • Integration of cybersecurity into supplier selection and evaluation: The inclusion of additional cybersecurity criteria in the supplier selection process, properly implemented, fosters a stronger emphasis on security and quality in procured products and services.
  • Competence in performing critical reviews of component reusability: Cybersecurity requires new evaluation criteria for the extent to which the reusability of components and software is possible with regard to cybersecurity requirements (e.g. in terms of correct documentation).
  • Expertise in managing additional interfaces, including post-development: Driven by cybersecurity, new phases in the product lifecycle are coming into focus. Cybersecurity requirements need to be taken into account at an early stage in sales and procurement processes and coordination and negotiations need to be approached accordingly.

Learning objectives of the entire video course
What will you be able to do after completing this video learning course?
  • Consider cybersecurity development efforts and costs in quotes and agreements.
  • Include appropriate cybersecurity criteria in the supplier selection.
  • Effectively review and evaluate component reusability.
  • Set-up and manage interfaces across the product lifecycle.
  • Comprehend the impact of automotive hacks in and between all product lifecycle phases.
  • Understand the evolving customer expectorations.
  • Identify potential enablers and inhibitors of cybersecurity.

Content of the ACP Training Library (Total length: +5 hours)

This video course series consists of 33 single videos, according to the following listing (sorted by chapters)

By accessing this All-access bundle, you will then find a learning video (in English) for each topic listed below in your personal login area. Each individual learning video has a length of approx. 10 minutes. Please note: Downloading the learning videos is not possible for licensing reasons.

• Cybersecurity terms and definitions
• Automotive hacks

• The Difference between Regulations, Standards, and Laws
• Overview ISO/SAE 21434
• Overview standards, timeline, dependencies
• Regulations and standards apart ISO/SAE 21434
• UN Regulation No. 155 (CSMS + Type Approval)
• UN Regulation No. 156 (SUMS + Type Approval + RXSWIN)

ISO 24089 (SW over-the-air updates)
• Role of Governments and Authorities

• Vehicle ecosystem and challenges in V2X
• Impact of Cybersecurity on Product lifecycle

• Cybersecurity Management - Organizational level
• Policy, rules, processes, resources
• Cybersecurity culture

Stakeholder and communication
• Cybersecurity Management - Project level
• Impact of Cybersecurity on Project lifecycle
• Cybersecurity planning
• Distributed Development
• Supplier selection
• Cybersecurity Plan
• Cybersecurity Interface Agreement

Overview Product Security Incident Response Team (PSIRT)
Cybersecurity Monitoring
• Cybersecurity incident response plan


• Threat analysis and risk assessment (TARA)

Refined cybersecurity specification (system)

• Cybersecurity Risk Assessment

Cybersecurity in HW implementation (e.g. hardware security module=HSM)
Re-Use-and out-of-context

Introduction to Cybersecurity Controls
Automotive cybersecurity controls

Course plan

Intro to your ODV video learning course 🥉 CySec for Sales/Purchasing
📄 Chapter 01: Awareness
📄 Chapter 02: Automotive Cybersecurity Standards
📄 Chapter 03: Cybersecurity in Automotive Industry
📄 Chapter 04: Cybersecurity Management Courses
📄 Chapter 05: Cybersecurity Development
📄 Chapter 06: Risk Assessment
📄 Chapter 07: Cybersecurity Implementation
📄 Chapter 08: Cybersecurity controls
Certificate of Attendance (CoA) Sales/Purchasing