Cybersecurity Testing and Compliance

Independent cybersecurity testing, evaluation, and certification support for connected products.

Why Cybersecurity Matters

Products today are increasingly connected. They collect data, communicate over networks, and rely on software to function. This connectivity brings clear benefits - but it also introduces risks that can affect users, businesses, and society.

Cybersecurity failures can result in loss of personal data, privacy violations, financial fraud, disruption of essential services, and, in some cases, risks to physical safety. These risks affect consumer devices, medical products, IoT products (requiring IoT cybersecurity testing), vehicles, industrial systems, and critical infrastructure every day.

As a result, cybersecurity is no longer optional. It is a fundamental requirement for products with digital elements.

Cybersecurity Regulations, Standards, and Certification

To address cybersecurity risks, governments and regulators have introduced a combination of regulations, standards, and certification schemes that apply to products placed on the market.

Manufacturers are increasingly required to demonstrate that cybersecurity risks are identified, assessed, and managed throughout the product lifecycle - from design and development to deployment, updates, and end-of-life. Compliance may involve applying recognized standards, undergoing independent testing, and, in some cases, obtaining formal cybersecurity certification.

Examples of commonly applicable frameworks include:

QIMA, through CCLab - a QIMA company, helps manufacturers understand which requirements apply and how to address them in practice.

Cybersecurity Services

Meeting cybersecurity requirements involves a combination of technical assessment and formal compliance activities. QIMA supports organizations through three complementary cybersecurity services:

  • Cybersecurity Evaluation – Structured cybersecurity evaluation services for hardware and software products, focused on identifying vulnerabilities and supporting effective remediation through vulnerability assessment, penetration testing, and related evaluation activities.

  • Common Criteria Consultation – Preparation and readiness support for Common Criteria and EUCC certification projects, as well as IEC 62443 and CRA, helping teams align documentation, processes, and product scope before formal evaluation.

  • Cybersecurity Certification – Support for formal certification under recognized schemes, providing independent confirmation that defined cybersecurity requirements are met.

These services can be used independently or together, depending on product maturity and regulatory requirements.

Cyberexpert – Supporting Product Cybersecurity Compliance

Cyberexpert is QIMA’s IoT cybersecurity testing compliance platform, designed to support manufacturers in understanding and addressing applicable cybersecurity requirements. It helps teams assess regulatory scope, map product‑specific cybersecurity requirements, and prepare structured evidence to support evaluation and certification activities.

Cyberexpert complements QIMA's expert‑led cybersecurity services by improving readiness, coordination, and traceability across product development and compliance activities.

Cybersecurity by Industry

Cybersecurity requirements vary depending on how products are used, the environments they operate in, and the risks they introduce.

QIMA supports cybersecurity across a wide range of industries and product types by aligning evaluation, certification, and compliance activities with real-world product contexts.

Examples include:

  • Energy – IEC 62443, product cybersecurity regulations for connected equipment

  • Medical Devices – MDR/IVDR, IEC 62304, ISO 14971, health software cybersecurity requirements

  • Smart Metering – Common Criteria, IEC 62443, RED

Support is determined by product characteristics and regulatory context, not by industry label alone.

Cybersecurity Resources

In addition to core services, QIMA provides resources to help organizations understand cybersecurity requirements, build internal capability, and stay informed as regulations and threats evolve.

These include:

Laboratory Accreditations and Recognized Expertise

Cybersecurity services from QIMA or CCLab are delivered through accredited and internationally recognized laboratories and evaluation facilities.

We hold the following accreditations and recognitions:

These accreditations ensure that QIMA’s cybersecurity testing, evaluation, and certification activities meet internationally recognized quality, competence, and independence requirements.

Contribution to the Cybersecurity Profession

QIMA actively contributes to the cybersecurity profession through participation in international associations, working groups, and standards activities. Our experts are involved in regulatory interpretation work and technical discussions that help shape how cybersecurity standards and certification schemes are applied in practice.

This includes engagement with organizations such as ENISA, EUROSMART, and the International Security Certification Initiative (ISCI), helping ensure that QIMA's cybersecurity services remain aligned with current and emerging expectations.

Talk to Our Cybersecurity Experts

If you are developing, manufacturing, or maintaining connected products and need support with cybersecurity testing, compliance, or certification, QIMA can help.