
How It Works

CyberExpert is a guided compliance platform designed to help manufacturers of internet-connected wireless devices meet the cybersecurity requirements of the EN 18031 standard family and the Radio Equipment Directive (RED).

It combines structured data collection, automated risk analysis, and intelligent assistance to turn complex regulatory expectations into a clear, step-by-step workflow.

Beyond compliance, the platform supports the entire product lifecycle—from early design decisions to post-market maintenance—ensuring cybersecurity is built in, not added later.

Built for the Full Product Lifecycle

CyberExpert is not only a compliance tool—it is a continuous cybersecurity management platform.

From early design stages

The platform supports product development from the very beginning by providing:

  • Clear, actionable security practices for design and engineering teams
  • Guidance aligned with EN 18031 requirements
  • Early visibility into expected risks and controls

This allows teams to design with compliance in mind, reducing costly redesigns and accelerating time-to-market.

During development and validation

As your product evolves, CyberExpert continuously aligns:

  • Assets
  • Risks
  • Security requirements

ensuring consistency between architecture, implementation, and compliance expectations.

After product release

Cybersecurity does not stop at launch. The platform includes a Vulnerability Monitoring Service (currently in beta) that helps you:

  • Track known vulnerabilities (CVEs) relevant to your product
  • Maintain an up-to-date vulnerability inventory
  • Link vulnerabilities to affected assets and requirements
  • Support ongoing compliance and incident response

This ensures your product remains compliant and secure throughout its operational lifecycle.

A Structured, End-to-End Compliance Journey

Rather than treating compliance as a static checklist, CyberExpert builds a living model of your product—linking assets, risks, and requirements into a single traceable system.

You move through five key stages:

1. Product Scoping & Questionnaire

Define what your product is, how it works, and where it operates.

You'll answer a guided set of questions covering:

  • Device functionality and use cases
  • Connectivity (Wi-Fi, Bluetooth, cellular, etc.)
  • Deployment environment and user interaction
  • Exposure to external systems and networks

These inputs determine:

  • Applicable cybersecurity scope
  • Relevant threat landscape
  • Compliance pathway under EN 18031

The platform ensures consistency and completeness, while the AI assistant helps interpret questions and suggest accurate answers.

2. Asset Collection & Categorization

Build a structured inventory of everything that matters for security.

CyberExpert automatically identifies and organizes:

  • Hardware and firmware components
  • Software modules and services
  • Communication interfaces and protocols
  • Configuration and access points

Each asset is categorized and linked to security relevance, forming the foundation of your compliance model.

3. Asset Refinement & Customization

Align the platform model with your real-world system architecture.

You can:

  • Edit or expand generated assets
  • Add product-specific components
  • Group assets into domains (e.g., communication, storage, control)

This step ensures:

  • Accuracy of the system representation
  • Strong traceability between assets and risks
  • Better alignment with internal design and documentation

4. Automated Risk Assessment

Turn your product model into a risk-driven security analysis.

The platform automatically:

  • Identifies applicable threats
  • Assigns likelihood and impact levels
  • Generates risk ratings across all relevant assets

You get a comprehensive view of your product's security posture, which you can refine if needed. This ensures compliance is risk-based, not just requirement-driven.

5. Requirements Generation & Compliance Mapping

Translate risks into actionable, standards-aligned requirements.

CyberExpert produces:

  • A tailored set of cybersecurity requirements
  • Direct mapping to EN 18031 clauses
  • Traceability between risks, assets, and controls

You can enrich each requirement with:

  • Implementation details
  • Supporting evidence
  • Justifications and documentation

The result is a complete, audit-ready compliance package.

Integrated AI Assistance

Every step is supported by an embedded AI assistant that helps you move faster and with confidence. It can:

  • Extract relevant information from uploaded product documentation
  • Suggest answers based on context and best practices
  • Explain requirements and expected evidence
  • Provide practical guidance on implementation

This reduces manual effort and ensures consistency across the entire process.

Optional Expert Support & Testing

CyberExpert is designed for both:

  • Self-assessment workflows, and
  • Professional evaluation support

As part of the broader QIMA ecosystem, the platform can be extended with:

  • Expert reviews and validation
  • Independent testing services (in development / optional)
  • Certification support workflows

This allows you to scale from internal preparation to full external validation when needed.

From Input to Compliance—Fully Connected

CyberExpert connects all parts of your compliance journey:

Product → Assets → Risks → Requirements → Evidence

This structured approach ensures:

  • Full traceability
  • Reduced compliance gaps
  • Faster review and approval cycles

Built for Real-World Products

The platform is designed to handle the complexity of modern connected devices—where cybersecurity depends on interactions between hardware, software, and networks.

Instead of navigating fragmented standards and spreadsheets, CyberExpert provides:

  • A centralized compliance environment
  • Intelligent automation
  • Practical, actionable outputs

By the end of the process, you have:

  • A clearly scoped product definition
  • A structured and validated asset inventory
  • A documented risk assessment
  • A tailored, EN 18031-aligned requirement set
  • Supporting evidence ready for review

All in one place—consistent, traceable, and ready for compliance validation.
