- Consumer IoT Products
- Medical Devices
- Industrial Products
- Network Devices
Secura has extensive knowledge of and experience with the standards and regulatory landscape across IoT to support you in this field.
Our teams help product manufacturers and integrators gain the highest level of security compliance, tailored to their needs.
Our services are built around internationally recognized certifications, standards and regulations.
The IoT has long since moved beyond consumer products: organizations are making use of such products and solutions, making them an integral part of the ecosystem. In the IoT ecosystem, product manufacturers hold one of the most important roles: they are ultimately the ones who decide which features will be included in their products.
Historically, the world of IoT has been driven by functionality. The products with the most, and the most revolutionary, features gained an edge over their competition. Recently, cybersecurity in IoT has become a topic that cannot be ignored. Moreover, we are at the point where cybersecurity issues associated with these products are no longer theoretical and can very likely occur in the products that we use in our daily lives. What we call IoT today is no longer limited to smart gadgets but also includes vehicles, medical devices, industrial and telecommunication equipment, and more, which gives a perspective on how critical a cybersecurity attack can prove to be.
For many years, the IoT domain lacked a clear set of relevant standards and frameworks to support manufacturers in building good security into their products. Luckily, those days are gone. Today, there are multiple internationally recognized standards, frameworks, and certification programs that can help manufacturers decide which set of security functionalities they would like to include in their products.
Several examples can be highlighted. Over the years, the IEC 62443 family has become the reference standard for industrial cybersecurity, also covering components and systems. UL 2900 is seen as a reference family for security in medical devices. ETSI EN 303 645 is a recently finalized standard seen as the main reference for consumer IoT products. Finally, ISO 21434 is becoming a major recognized standard for cybersecurity processes and functionalities in connected vehicles.
Secura is your partner in the world of product security evaluation, compliance, and certification. Our portfolio of services includes a broad selection of standards and certification schemes, covering multiple product domains. We offer our services based on our three pillars: 'Support and Preparation', 'Compliance' and 'Certification'.
The road to product compliance (in line with a standard or regulation) starts with careful preparation. In some cases, for example in vehicle development, manufacturers need to focus strongly on how to meet all the applicable regulatory requirements from an early phase, to ensure that the vehicles can afterwards be placed on the market. The same applies to medical devices, which are also regulated from a security perspective. At the same time, Secura can support manufacturers with design reviews or recommendations to achieve compliance with a certain standard for products such as consumer IoT, network components or industrial products. Finally, preparation for an international certification program such as Common Criteria or IEC 62443 can be offered to interested manufacturers.
One of the most effective ways to improve market recognition and demonstrate a good security posture is demonstrating the product's compliance with the relevant international standards. Secura can support testing and compliance services in line with multiple standards, applicable for specific types of products. IEC 62443 testing and compliance can considerably increase the market recognition for industrial products, while UL 2900 compliance is a strong start for medical devices. In the world of consumer products, standards such as ETSI EN 303 645 or IoT Security Foundation can be used as a very good baseline for testing. Finally, the ISO 21434 standard for automotive cybersecurity management systems is a highly recognized standard that vehicle and components manufacturers can seek compliance with.
Official certification is ultimately the most important recognition that a product can achieve. It means that the product's security is backed not only by a test report but by an accredited organization or government that has reviewed and approved the results of the test report. There are multiple certification programs that Secura can support manufacturers with, depending on the type of product. Common Criteria is the most internationally recognized security certification scheme, allowing international product recognition and easier access to local governments or large-scale asset owners. Locally in the Netherlands, Secura is one of the few labs that can support the BSPA evaluation, which is seen as a light version of Common Criteria. Secura can support vehicle manufacturers in the process of obtaining an official type approval based on the UNECE regulations on Cybersecurity (R155) and Software Updates (R156). Finally, industrial systems and components can obtain their certification based on the IECEE scheme (based on IEC 62443), while consumer IoT products can be certified based on ETSI EN 303 645.
Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT and internet law, and certification.