1 Scope
In addition to the guidelines in ISO 19011, this document provides guidelines to organizations that contribute to the achievement
of road vehicle cybersecurity throughout the supply chain on:
-
— managing an audit programme for a cybersecurity management system (CSMS);
-
— conducting organizational CSMSaudits;
-
— competencies of CSMS auditors; and
-
— providing evidence during CSMSaudits.
Elements of the CSMS are based on the processes described in ISO/SAE 21434. This document is applicable to those needing to understand or conduct internal or
external audits of a CSMS or to manage a CSMSaudit programme.
This document does not provide guidelines on cybersecurity assessments.