Global Market Access: Nemko Group AS Testing Services

Get Ready for New European Cybersecurity Standards in 2023

Written by Nemko | February 2, 2025

                                                                                                                                                                                       

Manufacturers and others affected may not be familiar with the European cybersecurity requirements becoming mandatory this year from 1 August, and/or familiar with the new standard EN 18031.
So how can one get up to a level to decide to which extent one’s products will meet these new requirements?
To have cyber security experts performing a gap analysis of a representative product can be a good start.
One will then get a report of the products’ relevant features versus the standard EN 18031 and description of (any) non-conformities.
This should give a good picture of what needs to be done with the chosen product for making it compliant. Often, the same or similar shortcomings in one’s other products may then become apparent too.

After having resolved non-conformities, one may select to continue with a further evaluation including detailed testing of the product(s) according to the standard and thereby get a test report, and also a certificate of conformity, if wanted.

The gap-analysis may be done isolated or partially and be part of a workshop with online or physical meetings between cyber security experts and the manufacturer, working individually with an evaluation template.
It may comprise:

  • a meeting where the principle of the standard and the functionality of the evaluation template is presented.
  • the manufacturer starts gathering documentation and using the evaluation template
  • meetings when going through what is being done and how the standard is to be interpreted for this (these) product(s) in particular.
  • Preparation of the gap analysis report.

As such, a gap analysis may be considered the first step of a full evaluation with three steps:

  • Evaluating the documentation for a product towards the standard and describe the findings.
  • The manufacturer evaluating the findings and closing non-conformities.
  • Testing the product to confirm that the documentation is correct.

The expert services indicated above are offered by Nemko’s cyber security team.

For further information or request for assistance, please contact Geir.Horthe@nemko.com

(The article is based on the information provided by Geir Horthe and edited by T.Sollie)

 
View full post