Success Story
Siemens' Successful EN 18031 Certification with Z-CMS
Challenge
Siemens needed to achieve EN 18031 compliance for a complex device—a project requiring extensive technical documentation and coordination across 20+ engineers from multiple technical domains.
Solution
Following their Notified Body's recommendation (VDE Prüf- und Zertifizierungsinstitut GmbH), Siemens adopted Z-CMS to create EN 18031 Technical Documentation and Test Plans that were accepted without modifications.
Key Results
EU Type Examination Certificate attained based on Z-CMS generated Technical Documentation
Zero corrections by Notified Body facilitating smooth certification process
20-person team coordination made possible by Z-CMS
Siemens' EN 18031 Compliance Journey
When we at Siemens faced compliance with EN 18031 standards—the harmonized standards for product cybersecurity under the Radio Equipment Directive Delegated Act (RED DA)—the challenge was immediately clear. This was not just another certification. EN 18031 demanded something fundamentally different: comprehensive documentation of technical product details—interfaces, communication protocols, software components, security mechanisms—at a level of granularity we had never encountered in our decades of experience with safety and other security standards. For our complex device with numerous interfaces and advanced communication protocols, the sheer volume of technical details required was overwhelming.
The real pressure came from coordination. We needed to orchestrate approximately 20 specialized engineers from our development departments, each holding deep expertise in specific technical domains. How do we ensure nothing gets missed when knowledge is distributed across so many specialists? How do we maintain consistency when everyone is contributing different pieces? The stakes were high: Incomplete or inconsistent documentation would mean rejection, revision cycles, and significant delays in bringing our product to market. Adding to the uncertainty, the EN 18031 standards themselves provide limited guidance on how to interpret requirements or structure the documentation—leaving us to figure out the "how" largely on our own.
Our Notified Body (VDE) recognized these challenges and recommended Zealience and Z-CMS. After evaluating the market, we found no other solution offered comparable capabilities for navigating EN 18031's unique requirements. It became the definitive choice for our compliance initiative—and the foundation for everything that followed.
What Siemens Loved About Z-CMS
-
Intelligent Q&A: The questionnaire approach provided a systematic methodology for addressing EN 18031's complex requirements. With detailed guidance and practical examples integrated throughout, Z-CMS offered the level of specificity needed to navigate the standards effectively—providing the detailed implementation guidance required for our complex product architecture.
-
Centralized Collaboration Platform: With approximately 20 engineers involved, Z-CMS served as the central coordination system for our compliance initiative. Rather than managing information across disparate documentation systems, we maintained a unified platform where specialists could contribute their domain expertise to relevant sections while ensuring consistency and completeness across the entire documentation package.
-
Task Assignment and Management: The task assignment functionality enabled efficient coordination of our multidisciplinary team's efforts. The ability to delegate specific documentation requirements and track resolution status was instrumental in completing the documentation efforts.
Before and After: How Z-CMS Provided More Efficient Approach
| Aspect | Manual Approach | Z-CMS Approach |
|---|---|---|
| Project Timeline | Prolonged duration to manually create comprehensive documentation covering all requirements. Several months to create EN 18031 Technical Documentation and Test Plans. | Several months to create EN 18031 Technical Documentation and Test Plans. |
| Documentation Volume | EN 18031 requires vast amounts of technical details, necessitating extensive manual data collection and documentation efforts. | Z-CMS asks minimum set of questions while generating comprehensive Technical Documentation consisting of ~60 worksheets and 400+ Decision Trees. |
| Documentation Completeness | Ensuring comprehensive coverage across all requirements without a structured approach. | Systematic questionnaires ensured all 31 EN 18031 requirements were methodically addressed with full traceability. |
| Team Coordination | Coordinating 20+ specialized engineers across disparate documentation systems and workflows. | Centralized platform unified team contributions with clear workflows and consistent structure. |
| Task Management | Ad-hoc coordination across multidisciplinary engineering team with parallel workflows. | Structured task assignment enabled efficient delegation and status tracking across technical domains. |
| Vulnerability Documentation | Adapting vulnerability data from internal management systems to meet EN 18031's specific GEC-1 format including Decision Trees for each vulnerability. | Automated data extraction from SBOM/VDR files and generation of Excel-based documentation with Decision Trees (PASS/NA/FAIL). |
| Comprehensive Guidance | EN 18031 standards provide limited guidance on interpreting complex requirements and documenting specific technical details. | Detailed examples and step-by-step guidance throughout the questionnaire clarified what needed to be documented and how to present it. |
| NB Submission Results | Potential for revision cycles to align documentation with regulatory expectations. | Technical Documentation and Test Plan accepted by NB as submitted without any modifications or clarifying questions. |
| Project Confidence | Managing uncertainty inherent in implementing newly introduced regulatory standards. | NB's established trust in Zealience documentation provided additional confidence throughout certification process. |
Pain Points and Solutions
1. Understanding Requirements and Creating Documentation That Would Pass NB Assessment
Pain Point
The EN 18031 standards provide little guidance on how to interpret complex requirements and create the required documentation. As the first harmonized standard for product cybersecurity under RED DA, EN 18031 requires comprehensive documentation of technical product details—device architecture, interfaces, communication protocols, software components, and security mechanisms—at a level of granularity not demanded by other standards. Without practical guidance, determining what information was needed and how to document it properly would have required extensive trial and error. Adding to the challenge was the inherent uncertainty regarding alignment between our documentation approach and Notified Body expectations. The novelty of EN 18031's approach to cybersecurity requirements meant risks of iterative revision cycles with the Notified Body when validating our documentation. The stress of potentially facing extensive revisions, resubmissions, and delays added pressure to an already complex project.
Solution
Z-CMS provided comprehensive guidance and examples at every stage of the documentation process. For instance, the software offered detailed explanations on how to interpret EN 18031-specific concepts such as assets and interfaces. This helped us understand how to properly classify our technologies for documentation purposes. Once we correctly declared a technology, the questionnaire provided additional guidance at nearly every question. This consistent, detailed support enabled us to accurately document our complex device within the EN 18031 framework.
The quality of documentation generated by Z-CMS, combined with VDE's established trust in Zealience's methodologies, provided substantial confidence throughout the certification process. When we submitted both our Technical Documentation and Test Plan to VDE, they accepted everything exactly as submitted—without requesting any modifications or posing clarifying questions. This seamless acceptance after just several months of work validated both the quality of Z-CMS outputs and the effectiveness of its approach.
2. Ensuring Comprehensiveness of Technical Documentation
Pain Point
For a complex device featuring numerous interfaces and advanced communication protocols, ensuring comprehensive coverage of all EN 18031 requirements while coordinating multiple engineering specialists required a systematic approach. Without a structured methodology for tracking and addressing each requirement, maintaining full traceability and completeness would be challenging, with the risk of missing critical data points, jeopardizing our certification.
Solution
The Z-CMS questionnaire methodically guided us by prompting for specific technical details and establishing clear traceability between our product architecture and regulatory expectations. By systematically ensuring we didn't overlook any critical information, the software eliminated the risk of gaps in our documentation. The result: when we submitted our Technical Documentation—consisting of approximately 60 worksheets and over 400 Decision Trees—to VDE, it comprehensively addressed all requirements and was accepted without any modifications.
3. Coordinating Input from 20 Engineers
Pain Point
Our EN 18031 compliance initiative required input from approximately 20 specialized engineerswith different domain expertise. The challenge lay in orchestrating these diverse contributions into a cohesive compliance documentation package. Without a centralized system designed for this purpose, information would have been scattered across different files, making it difficult to maintain consistency, track progress across parallel workflows, and ensure seamless integration of content from multiple specialists.
Solution
Z-CMS became the round table where our team could collaborate effectively. Instead of scattering information across different Excel files, we established a unified platform where each specialist could contribute to sections relevant to their expertise areas while maintaining overall consistency and structure. Different team members with different knowledge could input data for their specific technical domains, and everyone knew exactly where their contributions belonged. The task assignment functionality was heavily utilized, enabling efficient workflow management—we could delegate specific documentation requirements to the right people and track completion status across the teams. This centralized approach transformed what could have been complex coordination logistics into a streamlined, efficient process.
4. Meeting the GEC-1 Vulnerability Documentation Expectations
Pain Point
The EN 18031 GEC-1 requirement for documenting software components and their associated vulnerabilities posed a particular challenge. EN 18031 requires a comprehensive list of software components and their vulnerabilities—information manufacturers typically maintain in vulnerability management software. However, EN 18031 requires this data to be presented with a specific structure that includes a GEC-1 Decision Tree for each software component vulnerability, along with specific attributes and assessments. Our initial approach was to leverage our existing internal systems and submit documentation generated from our established processes. However, this documentation lacked the GEC-1 Decision Trees in the specific format EN 18031 requires.
Solution
We utilized Z-CMS's specialized feature for software components and vulnerabilities documentation. By importing our SBOM and VDR files into Z-CMS, the software automatically extracted necessary information and generated Excel-based documentation with the appropriate structure, including Decision Trees with PASS/NA/FAIL assessments and all mandated information fields. This approach eliminated the need for manual reformatting while ensuring perfect alignment with GEC-1 requirements. When we submitted this Z-CMS-generated documentation to VDE, it was accepted without questions—demonstrating the software precisely addressed the GEC-1 requirements in a way our internal systems couldn't.
Conclusion
Siemens' successful EN 18031 compliance demonstrates how Z-CMS enables organizations to efficiently navigate novel regulatory frameworks. Despite extensive experience with international standards, EN 18031 required new approaches for documenting technical product details at unprecedented granularity. Z-CMS provided the systematic questionnaire methodology, centralized collaboration platform, and comprehensive guidance needed to coordinate our 20-person engineering team and achieve seamless certification with VDE. For organizations facing EN 18031 compliance with complex products requiring multidisciplinary coordination, Z-CMS delivers the structure and guidance necessary for efficient certification process with full confidence in the outcome.