Our Services

From regulatory analysis to technical implementation – we guide you on the path to cybersecurity compliance and beyond.

Product Cybersecurity Regulation

The Cyber Resilience Act (CRA) and the new Machinery Regulation require mandatory cybersecurity measures for products with digital elements starting in 2027. Beyond technical requirements, manufacturers must demonstrate a Secure Development Lifecycle, report vulnerabilities, and provide updates.

We support you with implementation:

  • Impact assessments and gap identification for CRA and other requirements
  • Compliance roadmap with milestones – from initial assessment through technical implementation to declaration of conformity
  • Standards mapping – aligning appropriate harmonized standards (EN 40000, EN 50742, EN 18031, IEC 62443, etc.) with your products
  • Support in creating technical documentation
  • Preparation for market surveillance and regulatory audits

Our team has extensive expertise in interpreting and applying EU cybersecurity legislation and accompanies you from initial analysis to successful market launch.

Approval & Certification per IEC 62443

The IEC 62443 standard family is the world's leading framework for industrial cybersecurity. Certification per IEC 62443-4-1 (Secure Product Development Lifecycle) or IEC 62443-4-2 (Component-Level Security) demonstrates your commitment to cybersecurity and opens doors in critical markets.

Our certification services include:

  • Pre-assessment and readiness checks for IEC 62443 certifications
  • Development and implementation of Security Development Lifecycles (SDL)
  • Gap analyses against IEC 62443-4-1 and IEC 62443-4-2 requirements
  • Support throughout the entire certification process
  • Coordination with accredited certification bodies (e.g., TÜV SÜD)
  • Preparation of required evidence documentation

From our extensive experience in successful certification projects – including IEC 62443-4-1 certification for an international pump manufacturer – we know the practical pitfalls: unclear evidence requirements, interpretation gaps in standards, coordination with certification bodies. We guide you systematically through the process – from readiness assessment to successful audit.

Secure Product Development Lifecycle

The CRA requires a documented Secure Development Lifecycle (SDLC) for all products with digital elements starting in 2027. An established SDLC is also a prerequisite for IEC 62443-4-1 certification. Retrofitting one later is costly – so it's better to integrate early.

We help you establish or optimize your Security Development Lifecycle:

  • Analysis of existing development processes and security practices
  • Processes tailored to your development methods – whether waterfall, agile, or hybrid, we integrate security without hindering development
  • Integration of security requirements, threat modeling, and security testing
  • Establishing security review gates and approval processes
  • Implementation of vulnerability management and incident response
  • Training your development teams in security-by-design principles

Our approach considers your specific products, development methods, and regulatory requirements to create a practical and effective SDLC.

Security Engineering

Cybersecurity must be integrated into product development from the start. Our security engineers help you implement security-by-design in your development processes and realize technical security requirements.

Our Security Engineering services include:

  • Security Requirements Engineering – structured derivation of security requirements from threat analyses (Threat Modeling per STRIDE or PASTA)
  • Secure architecture reviews and design consulting
  • Cryptography consulting and secure communication protocols
  • Implementation of authentication, authorization, and access control
  • Code security reviews – manual review of security-critical code sections, complemented by automated static analysis (SAST)
  • Development of security hardening guides

Our experts bring deep expertise in embedded security, industrial control systems, and IoT security, working closely with your development teams.

Penetration Testing & Vulnerability Analysis

For CRA compliance and IEC 62443-4-2 certifications, documented security testing is mandatory. Our penetration tests follow structured methodologies (compliant with ISO/IEC 17025, IEC 62443-4-2, and ISO/IEC 27034) and deliver prioritized, technically sound vulnerability reports with concrete remediation recommendations.

Our testing services include:

  • Penetration testing for IoT devices, embedded systems, and industrial components
  • Firmware analysis and binary analysis
  • Protocol analysis and network penetration testing
  • Web application security testing (per OWASP Top 10)
  • API security testing and cloud security assessments
  • Physical security testing (hardware attacks, side-channel analysis)

Our reports include detailed vulnerability descriptions, CVSS-based risk ratings, and concrete remediation recommendations. We also support you in prioritizing and implementing countermeasures.

External Product Security Officer (PSO)

Not every organization has dedicated product security resources. As your external Product Security Officer, we take strategic and operational responsibility for your product cybersecurity and relieve your internal teams.

As your external PSO, we handle:

  • Strategic product security roadmap and security program management
  • Central coordination of all security activities from requirements phase to end-of-life – including vulnerability response and post-market surveillance
  • Vulnerability management and coordination of security patches
  • Security incident response and crisis management
  • Stakeholder management and communication with authorities
  • Continuous monitoring of threats and compliance requirements

We serve as the central point of contact for all product security topics and ensure your products meet current security requirements. Unlike traditional interim managers, we work with you long-term and systematically build internal security competence. You retain control; we take operational responsibility and create structures that work even after our engagement ends.

What Our Clients Say About Us

Secuvise has always supported us closely and reliably in developing our security concepts. The collaboration has been consistently constructive and collegial, exceeding our expectations. I look forward to continued partnership across all areas of cybersecurity.

We faced the challenge of bringing our entire mobile robot portfolio into EN 18031 compliance under significant time pressure. Secuvise did not just provide advice, but actively supported us hands-on – from structured information gathering and gap analysis through to executing conformity testing. Without this pragmatic support, we would not have met our deadline.

For regulatory compliance of our products, we needed a partner who combines technical depth with practical implementability. Working with Secuvise was straightforward, and their solutions integrated well into our development process.

Get in Touch

Ready for the Next Step?

Want to clarify which cybersecurity requirements apply to your products or how to implement them technically and organizationally? In a brief initial consultation, we'll assess your product context and discuss potential next steps – straightforward, structured, and without sales pressure.

100+ Compliant Products
98% Recommendation Rate
30+ Engagements Worldwide
