5 steps to evaluate your product according to ETSI EN 303 645

Oct 04, 2021 Digital & Product Solutions

DEKRA offers testing & certification services, as well as training and GAP analysis, for consumer IoT device manufacturers interested in meeting ETSI EN 303 645 requirements. Consult our guide to know all the details on how to evaluate your product according to this cybersecurity standard.

Many consumer IoT device manufacturers are already implementing in their products the new cybersecurity standard created by the European Standards Organization: ETSI EN 303 645. But preparing your device to meet this standard's requirements is not the only necessary step. Manufacturers should also demonstrate their devices comply via ETSI EN 303 645 with a certification issued by an independent third-party laboratory like DEKRA.
The certification process may seem tricky sometimes, as there are many technical terms and paperwork that may fatigue manufacturers. For this reason, at DEKRA we support manufacturers by offering different services for ETSI EN 303 645. From training services on how to prepare the product’s documentation for the evaluation, GAP analysis and product evaluation, to certifying the device with the DEKRA Seal.
But let's start with the main steps a manufacturer should know when requesting a certification for its consumer IoT device according to ETSI EN 303 645 standard. The very first thing would be to implement the requirements in the device. Once ready, the certification process can start:
1. Prepare device documentation: Manufacturers should prepare two types of documents for the evaluation of their products:
  • Implementation Conformance Statement proforma (ICS): where the supplier states which capabilities are implemented or supported in the product based on the provisions from ETSI EN 303 645.
  • Implementation eXtra Information for Testing proforma (IXIT): a document that contains additional necessary information to evaluate the product, especially providing design details for the testing laboratory. The IXIT is also the basis for grey-box testing methodology which is used for the assessment.
2. Send us the ICIT and IXIT documents: DEKRA will review the documents received by the manufacturer to start with the product’s evaluation.
3. DEKRA evaluates the device: DEKRA will test the product against the provisions defined in ETSI EN 303 645 to check if the device meets all the requirements and recommendations. To do so, our experts will follow the technical specifications determined in ETSI TS 103 701, where are defined how the test lab has to proceed in the evaluation.
4. DEKRA delivers a product’s evaluation report: When the assessment has been completed, an evaluation report is provided to the manufacturer with information on the evaluation, indicating if it meets ETSI EN 303 645 requirements.
5. DEKRA issues a DEKRA Seal: If your device successfully passes the evaluation, DEKRA will issue a DEKRA Seal to certify the product complies with ETSI EN 303 645 standard.
Having your products tested and certified by an independent third-party laboratory, will prove your product meets the best cybersecurity practices defined in this cybersecurity standard, and will also demonstrate you care about the security and privacy of your customers. If you want to know more detailed information on how to evaluate your product according to ETSI EN 303 645, consult our guide.
Are you interested in other cybersecurity services? At DEKRA we offer all testing & certification services manufacturers need to launch their IoT devices to any market. From Alexa Voice Service (AVS), ioXt Alliance, CTIA, GSMA, NESAS, FIPS, Common Criteria (CC), eIDAS, UNECE WP29 and LINCE, to regulatory, type approval and global market access, among others. Contact us!