Extending the safety and quality supporting processes
A common challenge when introducing a cybersecurity management process is identifying how it can be integrated with existing processes.
To tackle this challenge, we must first assume that a quality management team exists that maintains the overall development life cycle – for example, by defining and maintaining a common engineering development handbook. There is usually also a safety engineering team that maintains a layer of safety practices on top of standard engineering practices. For example, there can be a process for managing requirements with safety overlays that describe expectations based on the ASIL of the system. The first hurdle is to determine how to adapt the quality and safety engineering process to account for cybersecurity activities. The natural step is to perform a gap analysis of ISO/SAE 21434 against the existing safety and quality engineering practices to determine how to integrate cybersecurity...
