How to deal with new vulnerabilities according to ISO21434?
An organization that adheres to the DIS of ISO21434 is supposed to continuously monitor cybersecurity information from external and internal sources [RQ-07-01]. It then decides whether or not to trigger a cybersecurity event, which starts a vulnerability analysis that eventually initiates the corresponding risk treatments. Such sources could be, for example, researchers, suppliers, customers, governments, or simply the results of internal analyses.
When a source yields new information, that information is evaluated against predefined Triggers (part of [RQ-05-02]) to decide whether it should result in a Cybersecurity Event [WP-07-02]. This step is called Triage. A Vulnerability Analysis shall be performed for each event [RQ-07-04]. The identified vulnerabilities, together with their attack feasibility ratings, are fed into Vulnerability Management (Clause 7.6), which initiates the treatment of risks according to Clauses 8.9, 9 and 10.
Of course, these continuous cybersecurity activities are performed throughout the lifecycle and possibly outside of a specific project.