IoT cybersecurity
compliance
made easy
Zealience is a compliance management software designed to help IoT manufacturers prepare for upcoming EU cybersecurity regulations, such as EU Radio Equipment Directive DR, EU Cyber Resilience Act, and UK Product Security and Telecommunications Infrastructure
What is Zealience?
Zealience assists you to perform the activities required for compliance to ETSI EN 303 645. This standard is regarded as the best interim standard for consumer IoT devices to prepare for the upcoming EU regulations. Zealience was developed by testers with the objective to minimize your compliance work, while maximizing your chance of successful compliance.
Head start of your compliance
IoT manufacturing is a competitive business. Zealience gives you a head start of your compliance journey so that you can place your compliant devices faster on the market and stay ahead of your competitors.
On-prem deployment
Zealience is deployed on your premises. Your IP and data remain under your control. This is more secure than SaaS solutions where they put your data in the third-party cloud, increasing the risk of IP theft.
Timely updates on IoT regulations
The regulatory and technological landscapes are ever-chaging. Learn about important changes and the implications for your devices so that you can prepare in good time.
Full customer support
Whether you need support for our software or technical advisory related to compliance, our team is available to help you.
How can Zealience help your IoT Security Compliance?
Automatic & quick scoping of applicable requirements
Zealience provides you with a straightforward and intelligent procedure to identify only the
applicable requirements for your device. It prevents you from wasting time on unnecessary
work.
At the beginning of your project, you will be asked a number of yes-or-no questions. Simply answer
them and let Zealience automatically scope your project.
Guidance provided at each step of compliance activities
Zealience breaks down complex cybersecurity topics into actionable steps so that you can get
started right away on your own. Along each step, clear guidance is provided to assist you on
how to best demonstrate compliance.
With this functionality, you do not have to read 250 pages of the standard to figure out what
is required at each step of your compliance activities. Simply follow along with Zealience's
guidance to incrementally learn and complete activities.
Intelligent Q&A to complete documentation quickly and accurately
In order to demonstrate compliance with ETSI EN 303 645, you must complete a documentation
exercise (i.e. filling in the so-called "IXIT" forms), the major challenge for manufacturers
as it requires deep technical knowledge and a lot of time. Imagine that you have to flip
through 250 pages of the standard to figure out how to fill in each document!
Zealience is thus designed to make this documentation exercise easy by providing intelligent
Q&A (different questions are asked based on your previous answers) that you can simply follow
along. Based on our experience as testers, we carefully crafted the Q&A to ensure the completeness
of the documentation.
Instant feedback when a risk of non-compliance is identified
As you fill in documents, Zealience automatically identifies risks of non-compliance and
highlights the reasons behind. This instant feedback allows you to address the risks early
on, minimizing the costs to remediate them. The identified risks will be aggregated in a
risk register, providing you with a single place to track the overall compliance status.
The image shown here demonstrates a typical example of Zealience's risk identification feature.
When you answer our questions in a certain way that is considered a risk of non-compliance, we
highlight it immediately and explain the reasons behind. The current implementation of this feature
is able to cover 50% of gap analysis (Equivalent to 50% of conceptual tests). Our target is to
increase this number to 100%.
Automatic tracking of risks of non-compliance
Once the risks of non-compliance are identified, they are aggregated in a risk register. This offers a single place for you to track and review your compliance risks. As you continuously work on the compliance activities, the risk register can frequently change; you may add or delete risks in the risk register or update existing risks with new risk treatments in your effort to remediate them. Without automation, managing your risks can quickly be out of hand. Zealience thus provides a single place to manage your risks of non- compliance.
Automatic generation of required documents
Based on your inputs, Zealience automatically creates all required documents (i.e. ICS, IXIT
forms, and risk register) in the .xls format which can be downloaded with a single click.
This saves 50% of manual typing compared to filling everything by hand.
All the documents generated by Zealience are of high quality; the information is populated according
to the expectation of the standard. This results in complete and accurate documentation which
will ease and fasten the review work of the tester.
Knowing that Zealience already covers 50% of the gap analysis, you can then send the documents
to 3rd party labs for them to complete the rest or get your device certified.
Why ETSI EN 303 645?
Best interim standard to prepare for the upcoming EU security regulations
It is generally accepted among the Conformity Assessment Bodies that ETSI EN 303 645 is the best interim standard to prepare for the Radio Equipment Directive DR and the Cyber Resilience Act. This is supported by the European Standardisation Organisation (ESO) ETSI who published a mapping in ETSI TS 103 929 (*1) between the provisions of ETSI EN 303 645 and the essential requirements of the Radio Equipment Directive DR(*2).
*1: ETSI TS 103 929 v1.2.1; *2: Annex 1 of Commission Implementing Decision C(2022)5637 (https://ec.europa.eu/transparency/documents-register/detail?ref=C(2022)5637&lang=en)
Globally acknowledged as the best standard to demonstrate cybersecurity
ETSI EN 303 645 is well acknowledged globally and regarded as the reference standard for consumer IoT devices. Some countries have already introduced their own device security regulations, allowing manufacturers to use this standard to demonstrate compliance (e.g. UK Product Security and Telecommunications Infrastructure (PSTI)). Similarly, Finland's national consumer IoT certification scheme and Singapore’s national Cybersecurity Labelling Scheme are built on ETSI EN 303 645.
Get a free consultation to prepare for the upcoming regulations
coming soon...
Included in the free consultation:
1-hour video conference
Tailored roadmap for your compliance