Artifact GuideUKPSTI Scope Classifier Workflow

UK PSTI Product Security PSTI Scope Classifier Workflow

PSTI Scope Classifier Workflow decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.

Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
3

Structured answer sets in this page tree.

Primary sources
5

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

This page explains the UK PSTI scope-classifier workflow: how to decide whether a product is in scope, who owns each step, what evidence to capture, and when to escalate the decision. Use it to produce a clear, auditable output for manufacturers, importers, distributors, and their compliance teams.

Section 1

How should a PSTI Scope Classifier Workflow run under UK PSTI Product Security?

Run the workflow as PSTI product triage: scope the product, classify the role, verify the three security requirements, approve the statement, and prepare OPSS-response evidence.

A product is in scope if it is a relevant connectable product - that is, an internet-connectable product or a network-connectable product that is not an excepted product. The regime applies to manufacturers, importers, and distributors, and also creates duties for authorised representatives in some cases.

  • Capture the request, product, role, data flow, jurisdiction, and deadline.
  • Check the source-linked rule and route exceptions before implementation.
  • Record the action taken, owner, reviewer, evidence location, and next review date.
  • Keep a plain-language output that support, product, legal, security, and compliance teams can all understand.
Sources for this answer
The UK Product Security and Telecommunications Infrastructure (Product Security) regime
Workflow support for PSTI Scope Classifier Workflow.
Guidance
Workflow support for PSTI Scope Classifier Workflow.
Consumer connectable product security regulations
Workflow support for PSTI Scope Classifier Workflow.
Section 2

What fields should the PSTI Scope Classifier Workflow template capture?

A useful template captures product identifiers, responsible economic operator, security requirement evidence, support-period wording, statement approver, importer/distributor checks, and review trigger.

  • Source URL and source quote.
  • Entity, product, service, system, data category, and user group.
  • Decision result, control action, owner, reviewer, due date, and escalation reason.
  • Evidence attachment, approval note, exception note, and review cadence.
Sources for this answer
Guidance
Template field support for PSTI Scope Classifier Workflow.
Consumer connectable product security regulations
Template field support for PSTI Scope Classifier Workflow.
Regulation of consumer connectable product cyber security
Template field support for PSTI Scope Classifier Workflow.
Section 3

How should teams review and improve the PSTI Scope Classifier Workflow?

Review the workflow after firmware changes, supplier changes, product bundling changes, UK market placement changes, vulnerability reports, OPSS notices, or support-period updates.

  • Track recurring exception categories and update intake questions.
  • Remove fields that never affect the decision.
  • Add fields when reviews show missing source evidence or unclear ownership.
  • Confirm generated markdown and page content include the same visible source-linked guidance.
Sources for this answer
The UK Product Security and Telecommunications Infrastructure (Product Security) regime
Review support for PSTI Scope Classifier Workflow.
Guidance
Review support for PSTI Scope Classifier Workflow.
Consumer connectable product security regulations
Review support for PSTI Scope Classifier Workflow.
Regulation of consumer connectable product cyber security
Review support for PSTI Scope Classifier Workflow.
Recommended next step

Turn UK PSTI Product Security PSTI Scope Classifier Workflow into assigned work

Use this UK PSTI Product Security guide to turn PSTI Scope Classifier Workflow into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.

Assessment workflow
Open Assessment Autopilot for UK PSTI Product Security

Turn PSTI Scope Classifier Workflow into scoped questions, evidence fields, and review tasks.

Explore next step
Research workflow
Review UK PSTI Product Security source evidence

Use Research Copilot to answer follow-up questions with cited source material.

Explore next step
Talk to Sorena
Talk through implementation

Review scope, evidence, owners, and the next compliance actions with Sorena.

Explore next step
Primary sources

References and citations

Guidance
gov.uk
Referenced sections
  • Review support for PSTI Scope Classifier Workflow.
"Our approach to carrying out our regulatory activities will be risk-based."
Related guides

Explore more topics

UK PSTI Act relevant connectable products: full scope and category definitions
UK PSTI Product Security guidance for Relevant Connectable Products Scope, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act statement of compliance: evidence requirements and audit documentation
UK PSTI Product Security guidance for Statement Of Compliance And Evidence, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act statement of compliance: what must the SoC contain?
UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act: is your product a relevant connectable product? scope test
UK PSTI Product Security guidance for Relevant Connectable Product Scope, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act: step-by-step statement of compliance preparation workflow
UK PSTI Product Security guidance for Statement Of Compliance Workflow, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act: step-by-step vulnerability disclosure process workflow
UK PSTI Product Security guidance for Vulnerability Disclosure Workflow, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Act: vulnerability disclosure policy requirements and template
UK PSTI Product Security guidance for Vulnerability Disclosure Policy, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Default Password Requirements
A source-linked guide to the UK PSTI default password rule for consumer connectable products: unique passwords, user-defined setup, prohibited patterns, and evidence to keep.
UK PSTI Product Security Applicability Test Guide
Practical guidance for the UK PSTI Product Security applicability test, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Checklist
Practical guidance for the UK PSTI Product Security checklist, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Compliance Guide
Practical guidance for the UK PSTI Product Security compliance, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Deadlines and Compliance Calendar Guide
UK PSTI Product Security guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security ETSI Evidence Mapping Guide
UK PSTI Product Security guidance for ETSI Evidence Mapping, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security FAQ
Practical guidance for the UK PSTI Product Security FAQ, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Importer And Distributor Duties Guide
UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Minimum Support Period And Update Transparency Guide
UK PSTI Product Security guidance for Minimum Support Period And Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security OPSS Enforcement and Penalties Guide
UK PSTI Product Security guidance for OPSS enforcement and penalties, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security OPSS Notices Guide
UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security penalties and fines Guide
UK PSTI Product Security guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security PSTI Password And Update Policy Requirements Guide
UK PSTI Product Security guidance for PSTI Password And Update Policy Requirements, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security PSTI Statement Of Compliance Template Guide
UK PSTI Product Security guidance for PSTI Statement Of Compliance Template, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security PSTI vs CRA Guide
UK PSTI Product Security guidance for PSTI vs CRA, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security PSTI vs ETSI EN 303 645 Guide
UK PSTI Product Security guidance for PSTI vs ETSI EN 303 645, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security PSTI vs EU Cyber Resilience Act Guide
UK PSTI Product Security guidance for PSTI vs EU Cyber Resilience Act, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Requirements Guide
Practical guidance for the UK PSTI Product Security requirements, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Requirements In Practice Guide
UK PSTI Product Security guidance for Security Requirements In Practice, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Supply Chain Roles Manufacturer Importer Distributor Guide
UK PSTI Product Security guidance for Supply Chain Roles Manufacturer Importer Distributor, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security Support Period Evidence Workflow Guide
UK PSTI Product Security guidance for Support Period Evidence Workflow, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI vs Australia Cyber Security Act Guide
UK PSTI Product Security guidance for PSTI vs Australia Cyber Security Act, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Default Passwords under UK PSTI Product Security?
UK PSTI Product Security guidance for Default Passwords, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about ETSI Evidence under UK PSTI Product Security?
UK PSTI Product Security guidance for ETSI Evidence, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Excepted Products under UK PSTI Product Security?
UK PSTI Product Security guidance for Excepted Products, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Importer And Distributor Duties under UK PSTI Product Security?
UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about OPSS Notices under UK PSTI Product Security?
UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Relevant Connectable Products under UK PSTI Product Security?
UK PSTI Product Security guidance for Relevant Connectable Products, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Statement Of Compliance under UK PSTI Product Security?
UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Support Periods under UK PSTI Product Security?
UK PSTI Product Security guidance for Support Periods, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Update Transparency under UK PSTI Product Security?
UK PSTI Product Security guidance for Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Vulnerability Disclosure under UK PSTI Product Security?
UK PSTI Product Security guidance for Vulnerability Disclosure, with practical decisions, evidence, edge cases, and external source citations.