Robustel Security Centre

Robustel Cybersecurity ‘Quick Pitch’ Video

  • Certified secure development process (IEC 62443-4-1) governs how we design, build, and test products.
  • Recurring independent penetration tests cover RobustOS, RobustOS Pro, and RCMS; executive summaries are available under NDA.
  • RCMS runs on Microsoft Azure with documented controls for identity, data protection, and operations; an evidence pack is available on request.
  • Sector proof where it matters, for example IEC 61162-460 certification for maritime bridge networks.
  • Clear vulnerability handling: intake and CVSS assessment, fixes, public advisories (with CVE where applicable), and a predictable update cadence.

The bottom line: Robustel is a supplier you can audit, with a platform you can trust and the right artifacts for your risk and compliance teams.

CYBERSECURITY COMPLIANCE

Global Security Standards Robustel Align With:

ISO/IEC 27001

Information Security Management System (ISMS)

Risk-based framework for managing information security across people, process, and tech.

IEC 62443-4-1

Secure Product Development Lifecycle Requirements

Processes for secure design, implementation, testing, release, and maintenance of industrial products.

EU CRA

Cyber Resilience Act

Secure-by-design, vulnerability handling, and lifecycle update obligations for products with digital elements.

NIS2

Network and Information Security Directive 2

Heightened cybersecurity and supply-chain expectations for essential/important entities; vendor support for risk management.

EN 18031

Common Security Requirements for Radio Equipment (Parts 1–3)

RED cybersecurity standards covering internet-connected devices, privacy, and fraud.

EUCC

EU Cybersecurity Certification Scheme (Common Criteria-based)

Common Criteria-derived EU certification with defined assurance levels.

UK PSTI

Product Security and Telecommunications Infrastructure Act

Baseline consumer-IoT protections (unique credentials, update policy transparency, reporting), mapped to ETSI EN 303 645.

IEC 61162-460

Maritime Navigation & Radiocommunication — Interconnection (Safety & Security)

Secure, high-integrity shipboard networks (e.g., bridge/VDR) with defined security measures and tests.

IACS UR E26/E27

Cyber Resilience of Ships & On-Board Systems (Unified Requirements)

Class rules for ship cyber resilience (E26) and on-board systems/equipment (E27); supports type approval.

Vulnerability Reporting & Response

Vulnerability Disclosure Policy (VDP)

Robustel are committed to the security and resilience of our products and services. Our Vulnerability Disclosure Policy (VDP) invites researchers, customers, and partners to report issues responsibly so we can mitigate risk quickly. The policy below explains how to report a potential vulnerability and how we respond.

Scope

This VDP covers all officially released Robustel products, firmware, and services, as well as web applications hosted under our official domains. It does not cover third-party services outside our control, social-engineering attempts against our staff, partners, or customers, or physical attacks on property or facilities.

Reporting a vulnerability

If you discover a potential security issue, please use our Security Report Form. Include the product or service name and version, a clear description of the issue, and proof-of-concept or reproducible steps if available. Please avoid sharing live customer data; redacted logs and screenshots are preferred.

Our commitments

We will acknowledge your report within 7 calendar days and our security team will investigate and validate the issue. For confirmed critical vulnerabilities, we aim to fix or mitigate within 90 days, or provide interim safeguards where a full fix requires more time. We will keep you informed of status where possible, and with your consent credit you in the public advisory when the issue is disclosed.


Robustel Vulnerability Response Process

Step 1
Report
Submit vulnerabilities via email or form. We confirm within 7 days and assign an ID.
Step 2
Validation & Assessment
Step 3
Fix & Mitigation
Develop patches or config guidance. Critical issues resolved or mitigated within 90 days.
Step 4
Advisory & Update
Publish advisories with CVE IDs, patch download, and hash validation info.
Step 5
Follow-up & Support
Maintain updated advisories, provide technical support and installation guidance.
Step 6
Collaboration & Commitment
Thank researchers, protect responsible disclosure, ensure transparency and CRA compliance.

How We Test So You Can Deploy With Confidence:

Security at the edge is too important to leave to chance. This section shows, step by step, how Robustel tests products before they reach your network: turning requirements and threat models into real tests, validating fixes, and proving results with independent penetration testing and clear advisories. The outcome for you: fewer surprises in the field, faster approvals with IT and compliance, and a platform you can trust at scale.

1. Security Requirements Testing

Before any release, we verify that security is designed, implemented, and stable under real workloads. Teams test core security functions, performance and scale, edge conditions, malformed inputs, and trust boundaries so controls work under stress, not just in a lab.

2. Threat Modeling Validation

We turn the threat model into action. For every identified threat, we test that the mitigation works as intended, then we try to defeat it with the same techniques an attacker would use.

3. Vulnerability Discovery

We look for weaknesses the way attackers do. Automated and manual fuzzing, protocol abuse, and high-load scenarios probe every external interface, while an attack-surface review finds weak ACLs, exposed ports, and services running with unnecessary privileges.

4. Independent Penetration Testing

An external team performs black-box testing on a recurring schedule and at project milestones that allow time to fix and re-test. Findings are prioritized, mitigated, and verified before wide release.

5. Issue Documentation and Assessment

Every confirmed issue is recorded with time, location, scope, and reliable reproduction steps. We analyse root cause and user impact, assign severity, and prioritise the fix so the most important risks are addressed first.

6. Remediation and Verification

Fixes follow a plan and schedule. Code changes undergo security review, QA validates effectiveness, and we re-run relevant security tests to ensure the issue is resolved without introducing new ones.

7. Release and Responsible Disclosure

We choose the right release path: normal, interim, or emergency. Security notes and deployment guidance are updated, and when disclosure is appropriate, we publish advisories with mitigation steps and timelines. Post-release monitoring confirms stability in the field.

8. Continuous Improvement

We learn from patterns. Trends in findings shape future requirements, test methods, and training. Threat models are updated as features evolve so the security design stays aligned with the product.

Security News from Robustel

  • Robustel Expands RED Cybersecurity Compliance Across Core Router Portfolio

  • Robustel Achieves Significant Improvement in Security Posture Following Penetration Testing
