Digitalized Quality Management for Cybersecurity Conformity Assessment: ISO/IEC 17025-Based Automated Workflows, Evidence Analytics, and EN 18031 Readiness for the Radio Equipment Directive
Aymen Gatri, David Lübeck, Mukayil Kilic

Cybersecurity conformity assessment is increasingly shaped by the Radio Equipment Directive (RED) delegated act, the EN 18031 harmonized standards, the Cyber Resilience Act, and industrial standards such as International Electrotechnical Commission (IEC) 62443. ISO/IEC 17025:2017 provides a general laboratory competence framework, but its application to qualitative cybersecurity testing, rapidly changing toolchains, and automation-assisted evidence workflows remains under-specified. This paper proposes a digitalized quality-management framework that translates ISO/IEC 17025 clauses into cybersecurity-native controls for scope definition, method governance, toolchain control, evidence traceability, decision rules, technical review, and corrective-action feedback. An accreditation-style single-laboratory case study integrates a European Telecommunications Standards Institute (ETSI) TS 103 701 assessment workbook, an IEC 62443 corrective-action dataset, ISO/IEC 17025 internal audit findings, and laboratory governance records. In the ETSI workbook, the Conformity Statement Ambiguity Index (CSAI) decreases from 0.976 in the draft state to 0.050 after review, with 37 previously inconclusive provisions moving to PASS. This result is interpreted as improved determinability within the assessed workflow, not as cross-laboratory validation. The study contributes a clause-to-workflow operationalization of ISO/IEC 17025, an analytic design for heterogeneous assurance artefacts, and an EN 18031 evidence-mapping approach for Radio Equipment Directive readiness.