We automate IoT cybersecurity compliance

Zealience Compliance Management Software (Z-CMS) automates the documentation work required for ETSI EN 303 645, one of the best standards to prepare for IoT cybersecurity regulations (e.g. Radio Equipment Directive Delegated Act, Cyber Resilience Act and UK PSTI).

What is Z-CMS?

Zealience Compliance Management Software (Z-CMS) automates the generation of technical documentation required to demonstrate compliance with ETSI EN 303 645. This standard is regarded as one of the best standards for consumer and enterprise IoT product security compliance. Don't know where to start? Z-CMS assists and fast-tracks your compliance work in the following ways:

Automatically identify applicable requirements

At the beginning of your project, Z-CMS asks you simple questions about your target device in order to automatically identify applicable requirements (i.e., "provisions" in ETSI EN 303 645's terminology). This scoping feature prevents you from wasting time on unnecessary work.

Zealience dashboard showing applicable provisions

Simply answer 'Intelligent Q&A' to compile documentation

The major challenge of ETSI EN 303 645 is to document all the required information in so-called "IXIT" forms. It requires deep technical knowledge and a lot of time. Imagine that you have to flip through 250 pages of the standard to figure out how to fill it in! Manufacturers typically spend more than a year on this activity alone.
Z-CMS makes this step easy and fast by providing comprehensive intelligent Q&A (different questions are asked based on your previous answers) that you can simply follow along. Rest assured that all the required information is captured and stored for you.

Immediately identify risks of non-compliance

As you work with Z-CMS, it automatically identifies risks of non-compliance and highlights the reasons behind them. This instant feedback allows you to address the risks early on, minimizing the costs to remediate them later.
The image shown here demonstrates a typical example of Z-CMS' risk identification feature. When you answer questions in a certain way that is considered a risk of non-compliance, it highlights the risk immediately and explains the reasons behind it. Z-CMS currently covers 50% of conceptual tests. Of course, we are working to achieve 100% coverage.

Zealience dashboard showing risks of non-compliance

Manage and remediate risks of non-compliance

Once the risks of non-compliance are identified, they are aggregated in a risk register. This offers a single place for you to track and review your compliance risks. As you continuously work on the compliance activities, the risk register can frequently change; you may add or delete risks in the risk register or update existing risks with new risk treatments in your effort to remediate them. Without automation, managing your risks can quickly get out of hand. Z-CMS thus provides a single place to manage your risks of non-compliance.

Generate technical documents with one click

With a click of a button, you can download the technical documentation required for ETSI EN 303 645 compliance (i.e., ICS, IXIT, and risk register) as well as a tailor-made test plan for your device. You save 70% of manual typing thanks to Z-CMS' automation.
All the documents generated by Z-CMS are of high quality; the information is populated according to the expectations of the standard. This results in complete and accurate documentation, which will ease and speed up the review work of the tester.

Zealience generates required documents

Scale your compliance work across your portfolio of devices

It is common for IoT manufacturers to produce multiple types of devices. Even if their form factors are different, they often share hardware or software components, making them almost identical from the cybersecurity perspective. The concept of "reusability" across your device portfolio is thus crucial for the timely completion of your compliance work.
With Z-CMS, you no longer have to create documentation for each device - you can declare information and assign it across your device portfolio. Thanks to this feature, any new information or modification you make in Z-CMS is reflected in all the relevant devices. This way, you will not waste time inputting and managing the same information twice, contributing to significant time savings.

Why ETSI EN 303 645?

Best interim standard to prepare for the upcoming EU regulations

There is growing consensus that ETSI EN 303 645 is the best interim standard to prepare for the upcoming EU regulations. Despite its original focus on consumer IoT devices, many manufacturers of non-consumer products are applying it successfully to prepare for the regulations.
The relevance of the standard to the RED Delegated Act is confirmed by ETSI, which published in ETSI TS 103 929 a mapping (*1) between ETSI EN 303 645 and the essential requirements of the RED Delegated Act (*2).
The European Union Agency for Cybersecurity (ENISA) also concluded that "regarding the product-related security requirements of the first list of CRA Annex I, the standard ETSI EN 303 645 has been indicated to us as one of the most relevant" (*3).

*1: ETSI TS 103 929 v1.2.1
*2: Annex 1 of Commission Implementing Decision C(2022)5637
*3: Cyber Resilience Act Requirements Standards Mapping - Joint Research Centre & ENISA Joint Analysis, p.53
ETSI EN 303 645 covers Radio Equipment Directive DR and CRA
ETSI EN 303 645 global mapping

Globally acknowledged as the best standard to demonstrate cybersecurity

ETSI EN 303 645 is well acknowledged globally and regarded as the reference standard for consumer IoT devices. Some countries have already introduced their own device security regulations, allowing manufacturers to use this standard to demonstrate compliance (e.g. UK Product Security and Telecommunications Infrastructure (PSTI)). Similarly, Finland's national consumer IoT certification scheme and Singapore’s national Cybersecurity Labelling Scheme are built on ETSI EN 303 645.

Simply see it for yourself!

For a demo or a free trial:

+49 69 505027142

Included in the free trial:

1-month trial of the software

Free customer support

Simple and secure on-prem software installation

Zealience

Schumannstraße 27, 60325 Frankfurt am Main

+49 69 505027142

info@zealience.com

© 2024 Zealience GmbH All Rights Reserved