Cybersecurity Certification Services
Companies who chose us
What is the IECEE CB Scheme?
The IECEE CB Scheme is the largest international certification scheme for electrical and electronic products and components (including IoT products).
Its goal is to facilitate the international trade of manufacturers in more than 50 member countries. This is achieved through the IECEE multilateral certificate recognition system based on international standards. Its members use the principle of mutual recognition of test results to obtain certification or approval at national levels around the world.
This global concept reduces trade barriers caused by different certification criteria in different countries and helps the industry to access new markets. The CB scheme removes the significant delays and costs of multiple testing and approval and it allows the industry to market its products faster. That’s why the CB Certificate can be called an international product passport.
How does the multilateral recognition of IECEE the CB Scheme work?
The CB Testing Laboratory (CBTL) of the National Certification Body (NCB) carries out the relevant tests based on the applicable international standards and completes the CB Test Report. This will be reviewed and validated by the NCB, which will subsequently issue a CB Test Certificate.
When wishing to sell his/her products in other countries, the applicant sends the CB Test Certificate and associated CB Test Report to the participating NCBs located in countries of the target markets.
After an administrative review of the CB Test Certificate and CB Test Report, the relevant Certification Bodies will issue their national certification, normally without any re-testing of the product, because they recognize and have confidence in the testing and assessment that have already been done.
How can I obtain a IECEE CB Certificate and Test Report?
Our parent company QIMA is a German National Certification Body in the IECEE CB Scheme. CCLab is authorized to issue the necessary Test Reports as a CB Testing Laboratory and QIMA will issue the CB Certificates.
Certification according to
Radio Equipment Directive (RED)
Only safe products can be placed on the EU market. Products using radio telecommunication shall comply with the Radio Equipment Directive (RED) 2014/53/EU. It is supplemented by the Delegated Regulation (EU) 2022/30 that extends the application of RED to internet-connected radio equipment to cover the related cybersecurity risks.
Manufacturers have to perform conformity assessments of such devices before drawing up the EU Declaration of Conformity and affixing the CE Marking. The assessment shall involve the necessary tests to verify if the device is appropriately protected against cybersecurity threats.
The lack of the necessary competencies and capabilities to perform cybersecurity tests, the manufacturer may request an accredited testing laboratory to carry out these tests in a competent manner. The Manufacturer shall put the test reports and certificates into its technical file to prove that all the necessary tests were performed to ensure compliance with the essential requirements of the Radio Equipment Directive.
CCLab possesses an accredited testing laboratory that is capable of performing the applicable cybersecurity tests. CCLab is a partner testing laboratory of the European Notified Body of CerTrust (Notification ID 2806), thus we can offer the EU-Type Examination Certificate of CerTrust based on our cybersecurity testing.
Read and learn more about the Radio Equipment Directive (RED), download our free material now.
Guide for Radio Equipment Directive (RED)
IoT device certification according to ETSI 303 645
Nowadays, more and more products are connected through the internet and communicating with each other. These are the so-called “Internet of Things” (IoT) devices. This feature raises significant risks via cyberspace, which directly and indirectly affect the health and safety of persons, domestic animals, and property.
The General Product Safety Regulation (EU) 2023/988 requires that only safe products can be placed on the EU market. This new regulation emphasizes the cybersecurity risks as well. Where products are subject to specific safety requirements imposed by Union law, this Regulation applies only to those aspects and risks or categories of risks that are not covered by those requirements.
Manufacturers must perform conformity assessments of such devices before placing them on the market. The assessment shall involve the necessary tests to verify if the device is appropriately protected against cybersecurity threats.
In the need for the necessary competencies and capabilities to perform cybersecurity tests, the manufacturer may request an accredited testing laboratory to carry out these tests in a competent manner. The Manufacturer shall put the test reports and certificates into its technical file to prove that all the necessary tests were performed.
CCLab is an accredited testing laboratory that is capable of performing the applicable cybersecurity tests of IoT devices according to the European standard ETSI EN 303 645. CCLab is a recognized laboratory of the QIMA certification body under the IECEE CB Scheme. Based on our test reports we can provide CB certificate for consumer IoT devices.
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
ETSI EN 303 645 infographics for Consumer IoT devices
IoT device certification according to UK PSTI
After leaving the European Union the United Kingdom (UK) independently determines its cybersecurity regulations and has exited the cybersecurity framework of the European Union (EU). The UK has its national laws and standards for addressing cybersecurity issues and is not obligated to automatically adopt EU regulations or directives in this area.
The PSTI, or Product Security and Telecommunications Infrastructure, is a regulatory system applicable in the United Kingdom.The PSTI Act received Royal Assent in December 2022, and the draft of the PSTI (Security Requirements for Relevant Connectable Products) Regulations was published in April 2023. These regulations were officially enacted on September 14, 2023. The relevant part of PSTI Act regulating consumer connectable product security will become effective on April 29, 2024.
Starting from that date, manufacturers of consumer connectable products in the UK will be obligated to meet the prescribed minimum security requirements.
These requirements are derived from the UK’s Code of Practice for Consumer IoT security, the globally recognized standard ETSI EN 303 645 for consumer IoT security, and guidance from the National Cyber Security Centre, the UK’s technical authority for cyber threats. The regulatory framework also ensures that other entities within the supply chains of these products fulfill their responsibilities in preventing the sale of insecure consumer products to UK consumers and businesses.
CCLab is an accredited testing laboratory that is capable of performing the applicable cybersecurity tests of IoT devices according to the European standard ETSI EN 303 645 and UK PSTI requirements for both the EU and UK markets depending on the needs. Furthermore, CCLab can provide a non-accredited certificate of conformity on the cybersecurity conformance of connectable devices. Based on our test reports, as a recognized laboratory of the QIMA certification body, we can provide CoC (Certificate of Conformity) for connected (wired and wireless) devices.
IIoT device certification according to ISA/IEC 62443-4-1 and/or 62443-4-2
In the rapidly evolving digital landscape of the industrial sector, the need for heightened cybersecurity in Industrial Automation and Control Systems (IACS) stands paramount.
For developers and manufacturers of Industrial Internet of Things (IIoT) systems and industrial control components cybersecurity testing and certification is crucial in the high-risk industrial environment. Compliance with the international standard IEC 62443-4-2 through comprehensive evaluation ensures that their industrial control systems and components are reliably safeguarded against cybersecurity threats.
The product development life-cycle is a significant element of the conformity assessment process according to IEC 62443-4-1. Under the umbrella of security management, besides the secure-by-design principles and defense-in-depth strategy, the evaluation also includes the management of security-related issues and updates.
Our agile, accredited Cybersecurity Testing Laboratory performs in-depth evaluations of industrial control system components according to ISA/IEC 62443 standard series.
ICS components are typically:
- Embedded devices (PLC, IED, RTU, SIS)
- Network devices (switches, routers, firewalls, VPN terminator)
- Host devices (workstation, server, HMI)
- Software application (specific applications for IACS)
The primary goal of the ISA/IEC 62443 standards is to establish a flexible framework that addresses current and future vulnerabilities in IACS while facilitating the execution of necessary mitigating measures systematically. The IEC 62443 standards aim to enhance business IT security needs, combining them with IACS' unique requirements for constant availability and assured integrity.
CCLab as a CB testing laboratory within the IECEE CB Scheme is capable of performing the applicable cybersecurity evaluations of IIoT devices’ development life-cycle according to the ISA/IEC 62443-4-1 and the component’s security capabilities according to ISA/IEC 62443-4-2. CCLab is a recognized laboratory of the QIMA national certification body under the IECEE CB Scheme. Based on our test reports we can provide CB certificate for industrial automation and control systems, IIoT devices.
Testimonials
Kenneth Lasoski
Versa Networks
Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.
Thierry Bonda
Landis+Gyr
CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.
Jake Nelson
Corsec Security Inc.
The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.
Alexander Testov
AO Kaspersky Lab.
"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."
Dayton Marcucci
HID Global
The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.
Jaime Chica
NXP Semiconductors
It was a well-managed project which achieved success in an effortless manner.
Kalev Pihl
SK ID Solutions
We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.
Israr Ahmed
Ascertia Ltd.
On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.
Zsolt Rózsahegyi
I4P Informatics Ltd.
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.