A Framework for Digitalized Quality Management in Cybersecurity Testing Laboratories: Integrating ISO/IEC 17025:2017 Requirements into Automated Workflows

Industrial maintenance is increasingly software defined and interconnected through the internet of things, which forces a redefinition of uptime as cyber incidents begin to behave like unplanned downtime as per International Electrotechnical Commission (IEC) [1]. ISO/IEC 17025:2017 is a widely used standard for demonstrating laboratory competence in testing and evaluation across many industrial areas and disciplines [2]. Despite its long-standing and broad use, it remains under-documented and challenging when applied to cybersecurity testing. This is due in part to the nature of the business, which is highly fragmented and unique and must be treated differently from traditional laboratory activities. Cybersecurity testing has its own specific characteristics, in which software, hardware, cloud services and other components are tested individually or as integrated systems and solutions.