Cybersecurity Testing and Compliance

Any product that collects, stores, and transmits information via a network is vulnerable to cybersecurity risks. QIMA’s professional cybersecurity testing and certification services help you achieve compliance with cybersecurity regulations and protect your products from cyber threats.

Why Is Cybersecurity Important?

QIMA, through CCLab, offers comprehensive cybersecurity evaluations and consultations to help you ensure your products are secured against increasingly widespread cyber-attacks. With our services, you can ensure your products don’t result in loss of private information, identity theft, financial fraud, privacy violations and countless other harms to the well-being, mental and physical health, and even personal safety of the IoT device users.

A large percentage of electrical and electronic devices sold on the market and used in supply chains are connected to the internet. These are not only phones, computers and tablets, but also various Internet of Things (IoT) products, including:

  • Household devices (thermostats, voice-controlled speakers)
  • Wearable tech (fitness trackers, health monitors)
  • Child and pet care products (baby monitors, pet trackers)
  • Medical devices
  • Industrial control and automation systems
  • Other IoT devices

Our cybersecurity testing laboratory assesses IoT devices to minimize the risk of attacks and help you sell electrical and electronic devices with confidence.

While very useful in daily life, IoT devices are particularly vulnerable to cyber-attacks, which are increasingly widespread. Cyber-attacks can result in loss of private information, identity theft, financial fraud, privacy violations and countless other harms to the well-being, mental and physical health, and even personal safety of IoT device users.


How Is Cyber Security Regulated?

International regulatory bodies and governments are continuously introducing standards and regulations to ensure the security of potentially targeted electrical and electronic devices. Our cybersecurity compliance services help you ensure compliance with the following regulations and more:

  • Delegated regulation 2022/30/EU supplementing the Radio Equipment Directive (RED) 2014/53/EU (becomes mandatory August 2025)
  • ETSI EN 303 645 for consumer IoT devices (with additional guidelines in Technical Report ETSI TR 103 621)
  • ISO/IEC 15408 (also known as Common Criteria) for high security IT products
  • MDR (EU) 2017/745 / IVDR (EU) 2017/745 regulations for medical and in vitro diagnostic devices
  • ISA/IEC 62443-4-2 pertaining to the security of Industrial Internet of Things (IIoT) devices


Professional Cyber Security Compliance and Certification

Before putting a product or system on your target market, it is important to confirm that it complies with all relevant cybersecurity regulations. QIMA, through CCLab, offers professional services to help you achieve cybersecurity compliance and obtain necessary documentation easily and quickly.

Cybersecurity Baseline for Consumer IoT Devices

  • Product evaluation against applicable provisions of ETSI EN 303 645
  • Statement of conformity (upon compliance with ETSI EN 303 645)
  • Gap analysis
  • Training and consultancy: ETSI EN 303 645 compliance workshops, document templates and guidance (DUT, ICS, IXIT, additional documentation)

Common Criteria Evaluation and Consultancy

  • Evaluation for the required certification in the shortest possible time
  • OCSI (Italy) certification up to EAL4+
  • BSI (Germany) certification up to EAL5
  • Consultancy and training for your in-house team on Common Criteria documentation

MDR/IVDR – Cybersecurity for Medical Devices

  • Risk assessment
  • Threat modeling
  • Penetration testing
  • Gap analysis against MDR/IVDR requirements
  • Security assessment against MDR/IVDR requirements
  • Consultancy

Industrial Control System Security

  • Evaluation of IACS (Industrial Automation and Control System) components based on ISA/IEC 62443-4-2 requirements
  • Gap analysis against ISA/IEC 62443-4-2 requirements
  • Readiness assessment
  • Consultancy

