We automate IoT cybersecurity compliance
Zealience Compliance Management Software (Z-CMS) automates documentation work required for ETSI EN 303 645, one of the best standards to prepare for IoT cybersecurity regulations (e.g. Radio Equipment Directive Delegated Act, Cyber Resilience Act and UK PSTI)
What is Z-CMS?
Zealience Compliance Management Software (Z-CMS) automates the generation of technical documentation required to demonstrate compliace with ETSI EN 303 645. This standard is regarded as one of the best standards for consumer and enterprise IoT product security compliance. Don't know where to start? Z-CMS assists and fast-tracks your compliance work in the following ways:
Automatically identify applicable requirements
At the beginning of your project, Z-CMS asks you simple questions about your target device in order to automatically identify applicable requirements (i.e., "provisions" in the ETSI EN 303 645's term). This scoping feature prevents you from wasting time on unnecessary work.
Simply answer 'Intelligent Q&A' to compile documentation
The major challenge of product cybersecurity compliance is to document all the required
information. It requires deep technical knowledge and a lot of time.
Manufacturers typically spend more than a year for this activity alone.
Z-CMS makes this step easy and fast by providing comprehensive
intelligent Q&A (different questions are asked based on your previous answers) that you can simply
follow along. Rest assured that all the required information is captured and stored for you.
Immediately identify risks of non-compliance
As you fill in the intelligent Q&As, Z-CMS automatically identifies risks of non-compliance
and highlights the reasons behind. This instant feedback allows you to address the risks early
on, minimizing the costs to remediate them later.
Z-CMS currently covers 50% of
conceptal tests for this feature. Of course, we are working to achieve 100% coverage.
Manage and remediate risks of non-compliance
Once the risks of non-compliance are identified, they are aggregated in a risk register. This offers a single place for you to track and review your compliance risks. As you continuously work on the compliance activities, the risk register can frequently change; you may add or delete risks in the risk register or update existing risks with new risk treatments in your effort to remediate them.
Generate technical documents with one click
In 1 click, you can download the technical documentation for ETSI EN 303 645 (i.e., ICS, IXIT, and
risk register) as well as a tailor-made test plan for your device. You save 70% of manual typing thanks to Z-CMS' automation!
We take great care in the quality; the documents follow exactly the expectation of the standard.
This results in complete and accurate documentation.
Scale your compliance work across your portfolio of devices
Do you produce many devices and are looking for a scalable way to document them all? We can support your needs! In Z-CMS, you can assign multiple devices to the information you input. Thanks to this feature, any new information or modification you make in Z-CMS is reflected in all the relevant devices. This way, you will not waste time inputting and managing the same information twice, contributing to the significant time saving.
Why ETSI EN 303 645?
Best interim standard to prepare for RED Cybersecurity
ETSI EN 303 645 is one of the most popular standards to prepare for the Radio Equipment Directive Delegated Act. The relevance of the standard is evident as the RED DA's official standards, the EN 18031 series, also includes its mapping to ETSI EN 303 645.
Globally acknowledged as the best standard to demonstrate cybersecurity
ETSI EN 303 645 is well acknowledged globally and regarded as the reference standard for consumer IoT devices. Some countries have already introduced their own device security regulations, allowing manufacturers to use this standard to demonstrate compliance (e.g. UK Product Security and Telecommunications Infrastructure (PSTI)). Similarly, Finland's national consumer IoT certification scheme and Singapore’s national Cybersecurity Labelling Scheme are built on ETSI EN 303 645.