ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering: Standard Interpretation, Part 13

5.4.7 Organizational cybersecurity audit (Clause 5 Organizational cybersecurity management / 5.4 Requirements and recommendations)

[RQ-05-17] A cybersecurity audit shall be performed independently to judge whether the organizational processes achieve the objectives of this document.

NOTE 1 A cybersecurity audit can be included in, or combined with, an audit in accordance with a quality management system standard, e.g. IATF 16949 in conjunction with ISO 9001.

NOTE 2 Independence can be based on, for example, the ISO 26262 series.

NOTE 3 Persons that perform the audit can be internal or external to the organization.

NOTE 4 To ensure that organizational processes remain appropriate for cybersecurity, an audit can be performed periodically.

NOTE 5 Figure 7 illustrates the organizational cybersecurity audit in relation to other cybersecurity activities.


  1. Clause "5.4.7 Organizational cybersecurity audit" contains one requirement (RQ), [RQ-05-17], and no recommendations (RC);
  2. A cybersecurity audit must be carried out periodically to verify that the organizational processes continue to satisfy the requirements of this document;
  3. The cybersecurity audit may be included in a quality management system audit, or carried out together with one in parallel.


  1. Cybersecurity audit plan;
  2. Cybersecurity audit records;
  3. Cybersecurity audit report;
  4. Records of corrective actions for cybersecurity audit nonconformities.


  1. Whether the requirements for the cybersecurity audit have been set down in a written document;
  2. Check the records of cybersecurity audit implementation, such as the audit plan, audit records, audit report and records of corrective actions for nonconformities.