IoT and Product Security

Secure your IoT innovations to ensure a competitive edge

In today's rapidly evolving digital landscape, the security of your products is more critical than ever. DNV Cyber provides a range of IoT & Product Security services to strengthen and keep your economic engine running smoothly by helping you build secure, compliant, and resilient products and software.   

We specialize in building a Life Cycle-Based Cybersecurity Capability for customers who are manufacturing or operating products with digital components. We believe in embedding security throughout the entire product life cycle, ensuring your products are secure from inception to deployment and beyond. 

Understanding the Cybersecurity Regulatory Landscape 

The cybersecurity regulatory landscape is more complex than ever before. The EU has introduced new regulations, including the Network and Information Security Directive 2 (NIS2), the Radio Equipment Directive Delegated Act Cybersecurity (RED DA CS), and the Cyber Resilience Act (CRA), which impose stricter demands on cybersecurity. To build secure products, security must be integrated from the outset, utilizing a repeatable Secure Product Development Lifecycle process covering software, testing, and hardware (if applicable).

We guide you in navigating these complexities. Our deep understanding of EU product security regulations, especially the CRA, combined with our expertise in implementing, developing, and testing products compliant with the IEC 62443 standard, ensures that your products not only meet compliance but are also resilient and secure. 

Increasing the trust in your product is crucial to enabling sales in main market areas, such as the EU. With our tailored and comprehensive services, you can be confident that your products are secure, compliant, and ready to perform in an increasingly connected world.

  • Jukka Leskio
  • Head of IoT & Product Security
  • DNV Cyber

Security should be at the core of every product. Our IoT and Product Security services help you build the required secure product and software development lifecycle (SSDL) capabilities and processes, including:  

  • Threat Modelling and Risk Assessment 
  • Secure Component Selection and Review 
  • DevSecOps Pipelines 
  • Secure Design and Architecture 
  • Vulnerability Management 
  • Supply Chain Management 
  • Secure Software Development and Training

We also provide technical testing and assessments through our device lab, verifying your product's security level and ensuring your source code is hardened against known and potential threats.

Our Governance and Compliance services are designed to guide you through EU product security legislation such as NIS2, RED DA CS, and CRA. By adhering to globally recognized standards like IEC 62443, ETSI EN 303 645, and FIPS 140-3, we ensure your products are not only compliant but also resilient against evolving cyber threats.

We strengthen your knowledge and capabilities with the following services: 

  • Gap Analysis 
  • Compliance Roadmap 
  • Process and Documentation Development 
  • Compliance Implementation Support 
  • Internal Audit 
  • Training and Knowledge Transfer 
  • Compliance Monitoring 

Automation is key to staying ahead in cybersecurity. Our Product Security Tooling service offers both automated tooling and professional services designed to enhance product security. From Code Security Reviews such as SAST, DAST, and SCA to meticulous manual assessments, we cover all aspects of securing your product's software and hardware. We can also provide tools to fulfil the EU requirements for the software bill of materials (SBOM) and offer a solution where you can centralize monitoring and management of all your software’s vulnerabilities.

Product Life Cycle Partnership 

Our Product Life Cycle approach provides a value-based, security-driven partnership encompassing a wide range of services, from essential compliance to advanced security capabilities. Whether you're starting from scratch or enhancing existing processes, we can build, operate, and transfer the necessary teams and capabilities to your organization. Our Product Life Cycle Partnership consists of modular services and will be tailored to fit your needs and environment.