<p>In addition to the guidelines in ISO 19011, this document provides guidelines to organizations that contribute to the achievement of road vehicle cybersecurity throughout the supply chain on:</p>
<p>— managing an audit programme for a cybersecurity management system (CSMS);</p>
<p>— conducting organizational CSMS audits;</p>
<p>— competencies of CSMS auditors; and</p>
<p>— providing evidence during CSMS audits.</p>
<p>Elements of the CSMS are based on the processes described in ISO/SAE 21434. This document is applicable to those needing to understand or conduct internal or external audits of a CSMS or to manage a CSMS audit programme.</p>
<p>This document does not provide guidelines on cybersecurity assessments.</p>
Registration number (WIID)
92730
Scope
<p>In addition to the guidelines in ISO 19011, this document provides guidelines to organizations that contribute to the achievement of road vehicle cybersecurity throughout the supply chain on:</p>
<p>— managing an audit programme for a cybersecurity management system (CSMS);</p>
<p>— conducting organizational CSMS audits;</p>
<p>— competencies of CSMS auditors; and</p>
<p>— providing evidence during CSMS audits.</p>
<p>Elements of the CSMS are based on the processes described in ISO/SAE 21434. This document is applicable to those needing to understand or conduct internal or external audits of a CSMS or to manage a CSMS audit programme.</p>
<p>This document does not provide guidelines on cybersecurity assessments.</p>
