5 steps to compliance and cybersecurity
A number of activities, carried out in a structured way, help you arrive at a product that complies with laws and regulations and, more importantly, is cybersecure. Getting started on the topics listed below can be difficult when capacity or knowledge is lacking. Therefore start early, invest in training and education, and gather as much information as possible.
- 1. List your products
It is important to understand the implications of upcoming cybersecurity legislation for all your products and the deadlines that come with it. Start with listing all current products and their expected lifetimes, their area of economic operation, as well as the directives and regulations they have to comply with.
- 2. Know your requirements
Check the current directives and regulations for upcoming cybersecurity requirements. Examples include Radio Equipment Directive article 3.3 (d), (e) and (f), the UK Product Security and Telecommunications Infrastructure Act, and the upcoming NIS II Directive and Cyber Resilience Act.
- 3. Assess the risks
Testing is usually based on the intended use of the product and its risk level. For products that pose little risk to (for example) network security and personal data, limited testing based on harmonised standards may be sufficient. The higher the risk, however, the greater the need for accredited testing and assessment by a Notified Body.
- 4. Decide on a testing strategy
When deciding which products to test, it is important to know which standards a product will have to be tested against, who will perform the testing, and any deadlines set by internal and external parties. If it is unclear which cybersecurity standard best applies to the product and what type of assessment may be necessary, contact your Notified Body for support.
- 5. Prepare early
The deadlines for cybersecurity requirements are approaching rapidly and in some cases have already passed. As deadlines approach, independent testing laboratories usually have longer lead times because many companies need to prove compliance with the standards at the same time. Therefore, plan your testing early.