As a Supplier
Overview
The assessment process for IoT product suppliers involves a detailed and systematic approach to ensure compliance with the ETSI EN 303 645 standard. This process is designed to verify that your IoT products meet essential security specifications. Below is the step-by-step flow of the assessment process from the supplier's perspective:
1. Fill out the Device Under Test (DUT) Information form
What? Provide comprehensive product information.
How? Fill in your product's technical specifications, such as configuration and operating system, along with organizational contact information and the designated contact person.
2. Fill out the Implementation Conformance Statement proforma (ICS)
What? Demonstrate compliance with ETSI EN 303 645.
How? This requires indicating how your product adheres to the provisions set out in ETSI EN 303 645. You need to provide explanations and attach supporting documents as evidence of compliance. This includes detailing how your product meets each specific provision and identifying relevant entries in the Implementation eXtra Information for Testing proforma (IXIT) table that are associated with these requirements.
3. Fill out the Implementation eXtra Information for Testing proforma (IXIT)
What? Detailed technical specifications for assessors.
How? This step involves completing the IXIT proforma to outline specific technical aspects of your product. This includes details on password generation mechanisms, your company's vulnerability disclosure policy, and the processes for software updates. The aim is to give assessors a clear understanding of the security measures and protocols your product incorporates.
4. Provide Evidence
What? Support your compliance claims with documentation.
How? Submit additional evidence such as design documentation, conformance testing results, and user guidance documents to reinforce your compliance assessment.
5. Send Product
What? Facilitate physical testing of the product.
How? In compliance with ETSI EN 303 645, you need to send your physical device to a third-party assessor for testing, so you should provide details about the sender and product packaging.
6. Read the Summary and Export Your Data
What? Review your submission and submit it.
How? Review all the details you have submitted. You can then export the data for your records.
7. Wait For Your Evaluation Results
What? Receive and understand the assessment outcome.
How? Access the assessment results, either from a third-party assessor or from self-assessment. Receive a detailed compliance and gap analysis report, along with the option to download and share your certification label.
🧪 As a Third Party Assessor
Overview
As a lab or assessor, your role is to evaluate the compliance of IoT products with the ETSI EN 303 645 standard. The following sections outline the process flow for assessors:
1. Verify the DUT Form Section
What? Verify the accuracy of supplier information.
How? Review all the information filled in the DUT form by the supplier. Ensure that all the provided details are valid and accurate.
2. Review ICS and IXIT information
What? Assess supplier compliance.
How? Evaluate the supplier's responses to the requirements questionnaire. Examine all provided evidence and IXIT entries to validate compliance for each provision.
3. Provide the Evaluation Result
What? Finalize and communicate the assessment.
How? The lab finalizes the evaluation, providing a compliance assessment report and certificate. Following this, a certification label is issued for compliant products. Both the lab and the supplier have access to a dashboard showing these results, ensuring transparency in the process.


