Item definition Template (acc. to ISO/SAE 21434:2021) [Customizable Word/Excel file]


Along the ISO/SAE 21434 Road Vehicles - Cybersecurity Engineering, the Item definition is technically considered the starting point for cybersecurity-related engineering activities. The Item definition is a key work product that lays the foundation for effective cybersecurity engineering in automotive and vehicle development. Proper preparation and elaboration of the Item definition is therefore of particular importance, as it lays the foundation for all work products associated with it in the further course of the development lifecycle. This requires particular care in the preparation of the Item definition and the correct collection of the associated information. It is therefore advisable for those responsible to have a professional approach to this task established and applied - for example in the form of our professional template.

By using our template (incl. customizable Word and Excel file), teams can ensure that their Item definition is comprehensive, structured and in line with the ISO/SAE 21434 standard, improving the cybersecurity position of automotive products.

Important: The Item definition (in ISO/SAE 21434:2021, Clause 9 it is [WP-09-01]) is a mandatory work product to ensure compliance with ISO/SAE 21434.

Information about this template
By purchasing the Item definition template offered here, you will receive working materials designed to simplify the creation and management of this work product.

This template Item definition consists of two documents:
  • An open Word template file (file format: .dotx, open file) for the elaboration of the work product
  • A supplementary checklist as Excel template file (file format: .xltx, open file) incl. a short instruction how to use it during the development of the work product
This template includes extensive information and explanations about the work product Item definition in general as well as the exact procedure for its custom/tailored development.



The Word template file is designed to facilitate the complete processing of the Item definition according to a predefined structure. The template file is an open working document that can be filled individually according to the associated instructions. All essential information can be entered along predefined sections, as provided for by the work product in the proper formulation.



Within the Excel file you will also find brief instructions with explanations of how to work with the checklist and the associated working methods in your organization-specific context.

Benefits of using our Word/Excel template as an ISO/SAE 21434 template

The Item definition is a key work product that lays the foundation for a product's cybersecurity engineering activities during the development phase. It serves as a reference for decision-making and helps with alignment between customers/suppliers regarding scope requirements around cybersecurity implementations.

Using the Item definition template offers you the following advantages:

- Ensuring conformity with the requirements of ISO/SAE 21434
- Support for the consideration of cybersecurity requirements
- Utilization of best-practice know-how from the real vehicle development project business
- Simplification of documentation and associated preparation processes
- More efficient working methods in proper and correct preparation
- Promoting cooperation between different disciplines and, if necessary, across organizations between suppliers and OEMs

Supplementary information on Item definition along the ISO/SAE 21434

According to ISO/SAE 21434, an "item" is defined as a component or a group of components that implement a function at vehicle level. This deliberately broad definition is intended to ensure that both OEMs and suppliers, regardless of their position in the supply chain, properly ensure the inclusion of cybersecurity requirements in their products with regard to E/E systems.

Purpose of the Item definition
The work product of the Item definition, as the starting point of the concept phase within the cybersecurity development, aims to achieve this:
  • Establish a clear understanding of product relevance for cybersecurity
  • To serve as a reference point for all subsequent cybersecurity activities, including the Threat Analysis and Risk Assessment Method (TARA) and the development of the cybersecurity concept (cybersecurity goals, cybersecurity claims)
  • The involvement of various functions and disciplines should be promoted in order to ensure a holistic view of a product's cybersecurity landscape
Content of the Item definition
The initial Item definition should include at least the following:
  • Preliminary system architecture
  • Expected system functionalities
  • Description of dependencies and interactions with the operating environment
  • Interfaces to other items in the context of cybersecurity
  • Assumptions about the operating environment and potential cybersecurity impacts
Connection to the development project
The processing of the Item definition should be closely linked to the responsible functions and processes of the development project, as it forms the basis for all cybersecurity considerations and measures. It starts with existing information about the project and evolves as more information becomes available.

Requirements/framework conditions for a successful item definition
Before the Item definition is created, a preliminary system architecture and the expected functionalities of the product should already be defined. Close collaboration between the system engineering, software, hardware and functional safety disciplines is also beneficial from the outset. When dealing with the Item definition for the first time, you often come across an incomplete project landscape or one that is still under development. Information may be incomplete or assumptions not yet fully defined. During the development of the Item definition, information is systematically collected and documented. This includes the identification of system boundaries, interfaces, dependencies and potential security risks.

Who is the template Item definition for?

Our template Item definition is aimed at a broad spectrum of professionals in the automotive and vehicle development industry, both on the OEM and supplier side, as well as experts involved (service providers, consultancies, freelancers, etc.). In view of the interdisciplinary challenges and the need for comprehensive cooperation, the target group includes in particular those involved in working practice in the following domains:

  • System engineers/system architects: Specialists responsible for the preliminary system architecture and the definition of system boundaries.
  • Software developers and software architects: Those who design and implement the expected functionalities of the product.
  • Hardware engineers: Specialists who are involved in the development of the physical components of the system and ensure their integration into the overall system.
  • Functional safety specialists: Experts who analyze safety risks and develop risk reduction measures.
  • Cybersecurity specialists: Professionals who deal with the identification of potential security threats and the development of appropriate protective measures.
  • Project managers and project leaders: people responsible for overseeing development projects, including compliance with standards and coordination between different teams.
  • Quality managers: Professionals who ensure that the development results meet the defined quality standards and safety requirements.
  • Cybersecurity and functional security consultants: External experts who support companies in the implementation of security standards and practices.
In addition, the template is also relevant for cooperation between business partners at all levels who supply components and systems that are integrated into larger vehicle systems. Technical managers and development engineers in particular play a key role here, as they are directly involved in defining and implementing the technical specifications. These different target groups benefit from the structured and standard-compliant approach (along ISO/SAE 21434:2021) that the template offers by helping to reduce the complexity of Item definition and ensure consistent documentation throughout the development process.

The Word/Excel template thus serves as a valuable tool to effectively overcome the challenges of incomplete information, changing project requirements and capturing all relevant safety aspects.


FAQs

Q: Who is the Word template for the Item definition intended for?
The template Item definition is designed for a wide range of professionals in the automotive and vehicle development industry, including systems engineers, software developers, hardware engineers, functional safety professionals, cybersecurity specialists, project managers, quality managers, and cybersecurity and functional safety consultants.

Q: What does the template contain?
The template includes predefined sections for all essential information that must be recorded as part of the Item definition, including system architecture, expected functionalities, dependencies, interfaces, assumptions about the operating environment and potential security risks.

The scope of delivery includes:
(1) an open Word file (as an open Word template file with branding of CYRES Consulting)
(2) and a supplementary checklist (as an open Excel template file with branding of CYRES Consulting).

Q: How does the template help with ISO/SAE 21434 compliance?
The template is specifically designed to meet the requirements of ISO/SAE 21434. It provides a structured approach to documenting the Item definition, facilitates the identification and documentation of security risks and supports the systematic collection and management of information relevant to cybersecurity engineering.

Q: Can the template be adapted to specific project requirements?
Yes, the template is designed to be flexible and can be adapted to the specific requirements of your project. It serves as a starting point that can be expanded and modified as required to reflect the uniqueness of each development project.

Q: How does the template support interdisciplinary collaboration?
The template promotes collaboration between different disciplines by providing a common framework for documentation and the exchange of information. It facilitates communication between system engineers, software and hardware teams and security experts and helps all parties involved to develop a common understanding of the product's cybersecurity requirements.

Q: Are supplementary training courses or introductions to the Item definition available?
Around the entire topic area of cybersecurity development along ISO/SAE 21434, you will find introductions and training materials to help you get started with the template and ensure you realize its full potential on the CYRES Academy online training platform (e.g. Item definition - Video course).These resources are designed to provide you with an advanced understanding of the structure and purpose of the various work products around ISO/SAE 21434. For individual training needs or consulting support with the template, please contact us.

Q: What happens if my project has very specific or unique requirements?
The template is designed as a general and flexible tool that can be adapted to a wide range of project requirements. If you encounter specific challenges that are not directly addressed in the template, we recommend that you complete the extensions and adaptations yourself based on the given structures or contact our experts to discuss customized solutions or adaptations.

Q: How is support provided after purchasing the template?
Please note that the purchase of the item definition template as a stand-alone digital product does not entitle you to support for the actual work and implementation of the work product. After purchasing the template, you will automatically receive the purchased files digitally. Possible questions regarding technical support or questions regarding the application and customization of the template as well as the solution of specific challenges that may arise during use are not part of the scope of delivery. However, our aim is to ensure that you can use the template effectively for your project requirements by including extensive explanations on how to handle the documents.

Q: How is the template updated to keep pace with new developments?
Please note that you will receive this template as a digital product at the time of purchase; regular updates are not part of the purchase contract. Currently (2024), the present template complies with the latest requirements and best practices of ISO/SAE 21434:2021 (the "First Edition", published in 2021) and is based on real project work in the vehicle development context.