cetome.com

What It Is

cetome is a “pure-player advisory” cybersecurity consultancy with addresses in London and Lyon, France. It focuses on product cybersecurity and regulatory compliance, especially for IoT manufacturers. Its services cover everything from secure design, product portfolio governance, and supply chain management to post-market vulnerability disclosure and vulnerability management. Its clients range from 5-person startups to large multinational companies.

Core Capabilities and Compliance Coverage

In terms of protection type, cetome is not a traditional EDR provider, firewall vendor, or MSSP, but a product security and compliance consultancy. Its key capabilities include CRA compliance readiness, RED cyber and EN 18031 implementation, risk assessment, threat modeling, technical documentation, test-lab coordination, security architecture, and product security governance. Its ProSecCo model uses questionnaires and dashboards to assess the maturity of IoT products and development teams, and supports target profiles for CRA, consumer IoT, complex IoT, and medical IoT. The main materials also mention SBOM, vulnerability reporting processes, and post-market vulnerability management, but do not show a real-time monitoring or alerting platform.

Deployment, Pricing, and Integrations

Delivery is mainly through customized consulting, packaged services, training courses, and online/free tools. REDact can help assess product scope, complete risk assessments, fill in EN 18031 decision trees, and populate E.Info templates. The RED pre-compliance template is used for gap assessment, while CRA Basics provides checklists and a free self-assessment tool for SMEs. No fixed package pricing is disclosed; the site only states that services can be customized and packaged, and describes them as being available at an “accessible price,” so companies will need to contact cetome for a quote.

Pros and Cons

Its strengths are a vertical focus on IoT product security and EU regulations, covering scenarios such as CRA, RED, EN 18031, EN 303 645, and IEC 62443-4-2, with an emphasis on a lifecycle approach from design through retirement. Its free tools and templates can help companies conduct early-stage self-checks. Limitations include the lack of public pricing, payment methods, SLA details, and delivery timelines. Some tool pages only showed “Loading application” when crawled, so the actual user experience needs to be verified. There is also limited information on localized compliance adaptation for non-EU markets such as China.

Who It’s For and Access from China

cetome is suitable for manufacturers of consumer IoT, industrial IoT, wearables, smart metering, EV infrastructure, and similar products that are preparing to enter the EU market, especially teams that need a CE/RED or CRA roadmap. The source materials do not provide information on access from China, so this remains unknown; payment methods are also not disclosed. If a company is more focused on China’s MLPS, critical information infrastructure, connected vehicles, or local IoT testing, it should also evaluate domestic cybersecurity testing institutions and compliance consulting alternatives.