Cyber security approval of products

Safeguard your internet-connected device against cyber-attacks with cyber security approval

When developing new, smart products that will connect to the internet, it’s crucial to consider cyber security. Intelligent products are rarely clever enough to avoid hacker attacks on their own.

As part of your 'security by design' strategy, it’s important to qualify the IoT solutions implemented in your product. The aim is to ensure that the implemented solutions are correctly designed and functioning as intended, and to increase confidence that your newly developed product can withstand the challenges it may face in the real world. A technical review of cyber security should thus be a natural part of quality assurance for new products.

We offer approval and certification to international standards

At FORCE Technology, we can test and certify product compliance with the following cyber security standards:

ETSI EN 303 645

ETSI EN 303 645 is a cyber security standard that specifies a range of functional requirements for consumer products, as well as some process-related requirements. The standard focuses on basic security requirements, such as prohibiting universal passwords, ensuring sensitive information is stored securely, and allowing software updates. It is suitable for products that require a solid foundational level of security.

UL2900-1

UL2900-1 is a general security standard applicable to almost any product with a network connection. It is based on a risk analysis that leads to the implementation of appropriate security features. The standard also sets requirements for functions like encryption, password management, and vulnerability handling. To support the validation of the implementation, it includes requirements for areas like penetration testing and code analysis. This standard is well-suited for products with relatively high complexity that require a tailored security solution.

IEC 62443

IEC 62443 is a series of standards for cyber security in industrial automation systems. The standards cover requirements for components and systems sold by manufacturers, as well as requirements for integration and operation in specific facilities, ranging from small systems to large factories.

At FORCE Technology, we can approve products according to IEC 62443-4-1 and 62443-4-2, which are the two standards covering general requirements for products to be sold for various solutions.

What are the benefits of cyber security approval?

A cyber security approval enhances trust in the product and ensures its quality. The end result of the approval process typically includes an Attestation of Conformance (AoC) or a certificate, along with a test report. These documents can serve as proof that products comply with the relevant standards and demonstrate that your product includes a validated security solution and the specific security features it contains.

What does cyber security approval involve?

A cyber security approval typically covers several areas and is tailored to the specific product being approved, as not all aspects will be relevant to every type of product.

Common aspects of a cyber security approval include:

Review of documentation on design, setup, and usage
Review of risk analysis
Examination for known vulnerabilities
Source code analysis
Validation of functional security requirements

In safe hands with us

We participate in international standardisation work in cyber security and stay updated on standards and current security requirements in the electronics field. Our specialists have many years of technical experience in electronics, IoT, and cyber security, and are well-versed in the pitfalls of internet-connected products, whether they are used in industrial or consumer settings.

FAQ

How long does an approval take?
It depends on the type of approval and the complexity of the product to be approved. A simple product that must be approved according to ETSI EN 303 645, where documentation is ready and complete, will typically be completed in 2 to 3 days. An approval according to UL2900-1 or IEC 62443 will typically take 1 to 2 weeks if all documentation is prepared.
How is a typical approval carried out?
The approval process will typically be divided into 4 phases:
1. Planning of the process
2. Acquisition of documentation
3. Approval according to the standard(s)
4. Project completion
How much does an approval cost?
The price depends on the scope. An approval according to ETSI EN 303 645 can be carried out for approx. DKK 50,000, whereas approvals according to UL2900-1 and IEC 62443 will typically be more expensive. It also depends on how much documentation is ready and how much we have to assist in the preparation of documentation.