Notations
As you read this chapter, we expect that you will frequently be consulting the ISO/SAE 21434 standard to better understand a process requirement or work product. When doing so, it helps to understand a few conventions that the International Organization for Standardization (ISO) standard uses. First, the standard denotes mandatory process requirements with [RQ-xx-yy], where xx is the section number and yy is the requirement number within that section. Failure to meet a process requirement will trigger a finding by an auditor, so it is important to pay attention to those requirements. On the other hand, recommended practices are denoted as [RC-xx-yy]. It is good practice to include all the recommendations within your cybersecurity engineering process. Note that assessors will question why a recommendation was ignored by a specific project. [PM-xx-yy] refers to project management-related process statements that can be considered when you’re conforming to a specific standard...
