IoT Product Security/Privacy Protection ETSI EN 303 645

After nearly 10 years of development, the adoption of the Internet of Things across industries has begun to accelerate. While IoT brings convenience to consumers, cybersecurity issues have gradually emerged: IoT devices are frequently attacked because their security is insufficient. In view of this, ETSI (European Telecommunications Standards Institute) released the IoT product security and consumer privacy protection standard ETSI EN 303 645 in 2020. It covers IoT products including wearable health tracking devices, smart voice assistants, smart home systems, video surveillance cameras, smart refrigerators, washing machines, etc. Compliance with the ETSI EN 303 645 standard helps ensure the security of IoT devices and protect consumers' privacy and personal information.

ETSI EN 303 645 Security Standard Covering 13 Categories

The ETSI regulations and requirements for IoT product security and privacy cover 13 categories from different areas.

  1. No universal default passwords.
  2. Implement a means to manage reports of vulnerabilities.
  3. Keep software updated.
  4. Securely store sensitive security parameters.
  5. Communicate securely.
  6. Minimize exposed attack surfaces.
  7. Ensure software integrity.
  8. Ensure that personal data is secure.
  9. Make systems resilient to outages.
  10. Examine system telemetry data.
  11. Make it easy for users to delete personal data.
  12. Make installation and maintenance of devices easy.
  13. Validate input data.

ETSI EN 303 645 Testing Flow

[Figure: ETSI EN 303 645 testing flow]

Onward Security IoT Product Security/Privacy Compliance Consultant

ETSI EN 303 645 provides a basic cybersecurity requirement that enables products to withstand critical cybersecurity threats and comply with GDPR requirements to protect personal data and consumer privacy. Onward Security is the only ETSI EN 303 645 testing lab authorized by TAF ISO 17025 in Taiwan. It builds a testing environment and conducts detailed tests based on the physical products and their related technical documents. All test results are mapped to the ETSI regulations and requirements, and customers receive product test reports along with an explanation of the test results and professional advice.

At present, the regulations or schemes of many countries have adopted the ETSI EN 303 645 standard, including EU CSA, RED, Singapore CLS, and more. Onward Security's ISO 17025 security labs in Taiwan and Japan are both ETSI EN 303 645 authorized and can provide testing and consulting services to local IoT device manufacturers, helping ensure their products comply with local cybersecurity directives and privacy protection standards and reach the market on time.