Product vendors and service providers can start their journey in certification by getting familiar with the industry cybersecurity standards related to their product or service. The applicable standards will be defined by which one of the different EU Certification Schemes is applicable to the product, service, or process. Once the organisation is familiarised with the documentation it should start to include the cybersecurity requirements into their products and services and adopt any processes that may be required by the standard.

Often, creating a cybersecure product, service or process requires not only adding or modifying functionalities but it also requires changes in organisation’s processes. In fact, cybersecurity has to be considered as a holistic approach to product and service development rather than a feature of it.