IATF Sanctioned Interpretations Update November 2019 Focus on Cyber Security Threads

In the latest update from IATF, cyber security is now more prominent. The requirements related to contingency plans and plant, facility and equipment planning are now updated with additional focus give to needs for controls related to cyber security thread. This is where adoption of new technology changes the way the automotive industry operates. With 5G on the horizon of deployment, communication technology is expected to take another leap. The machines that we use on the manufacturing shopfloor have migrated from isolated piece of equipment to local network server-link, and now to cloud-based software. Check out the latest requirements added via the updated SI’s on IATF website for ‘SI items 16 – 18 issued in October 2019, effective January 2020’

Here’s the link for download:

Extracts from SI items 16 – 18 issued in October 2019, effective January 2020’:

6.1.2.3 Contingency plans:

e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate); cybersecurity testing may include a simulation of a cyber-attack, regular monitoring for specific threats, identification of dependencies and prioritization of vulnerabilities. The testing is appropriate to the risk of associated customer disruption;

Note: cybersecurity testing may be managed internally by the organization or subcontracted as appropriate

7.1.3.1 Plant, facility, and equipment planning

The organization shall use a multidisciplinary approach including risk identification and risk mitigation methods for developing and improving plant, facility, and equipment plans. In designing plant layouts, the organization shall:

a) … b) …

c) implement cyber protection of equipment and systems supporting manufacturing.