ONEKEY vs SGS
ONEKEY
ONEKEY operates the ONEKEY Product Cybersecurity & Compliance Platform, which performs automated firmware analysis, SBOM generation, vulnerability detection, and zero-day discovery. Its Compliance Wizard maps product evidence against the CRA and other frameworks, and its CRA Fast Start program structures readiness assessment, SBOM creation, vulnerability management, and continuous monitoring. ONEKEY (formerly IoT Inspector) is part of PwC Germany's investment portfolio.
Pros
- Automated, platform-driven firmware/binary analysis rather than purely manual consulting
- Purpose-built CRA Compliance Wizard covering multiple product-security regulations in one tool
- Strong European product-security positioning, backed by PwC Germany investment
- Continuous monitoring across the product lifecycle, not a one-time audit
Cons
- Software/platform-led: provides tooling and evidence, not formal conformity assessment or CE certification (not a notified body)
- No public pricing
- Technical product analysis focus; legal/organizational process consulting lighter than at full TIC firms
Pricing: Custom (contact sales)
SGS
SGS is the world's largest testing, inspection, and certification company. Its cybersecurity arm, SGS Brightsight, runs accredited security-evaluation laboratories (including a facility in Graz, Austria) that assess digital products against CRA requirements and RED cybersecurity standards. SGS develops tailored CRA service packages and operates a Notified Body that can issue EU type certificates for RED Article 3(3) using EN 18031.
Pros
- Massive global scale (~99,500 employees; ~2,500 labs/offices in 115 countries)
- Brightsight is a top-tier security-evaluation lab with deep Common Criteria and high-assurance expertise
- Notified Body able to issue EU type certificates for RED cybersecurity (EN 18031)
- Accreditations including ISO/IEC 17025, plus IEC 62443 and EN 18031 capability
Cons
- Large enterprise TIC firm — formal certification-led engagements, less suited to small or early-stage manufacturers
- No public pricing
- Evaluation/certification focus rather than ongoing in-house remediation engineering
Pricing: Custom (contact sales)