"What recognized security certificates are there?"
"Considering my product and industry, which certificates do I need?"
"What requirements must I meet to obtain a security certificate?"
Prove the IT security of your product with recognized security certificates or conformity tests
For you and your customers, proper security certification independently attests to the effective protection of your product’s data and functions. It also serves as proof that the necessary organizational processes in development and operation meet the latest security requirements.
ESCRYPT will support you throughout the certification process. Let us help you certify your products to international standards such as the U.S. Federal Information Processing Standards 140 (FIPS-140) or the internationally recognized Common Criteria (ISO/IEC 15408).
In cases for which there are no recognized IT security standards, ESCRYPT can conduct an independent security review to determine if your product is compliant with generally recognized security measures. This serves to improve the security of your product and increase its acceptance by your customers.
Independent certification support and conformity testing
If you are planning to develop a product that will need certification, ESCRYPT will advise you thoroughly on all necessary requirements and processes. In addition, we will inform you of the expected costs that you should be factoring in right from the start of the development cycle.
ESCRYPT provides comprehensive consulting on all key aspects throughout the certification process. Services include producing the necessary documentation (e.g. protection profiles, security objectives, security guidelines, and design assertions), supporting any necessary adaptations to the product or processes, and facilitating communication with appropriate certificate authorities and testing labs.
Building on its experts’ comprehensive expertise and years of experience in IT security, ESCRYPT can issue independent reports on individual product segments or functions – and even entirely new product groups – for which no recognized security standards exist. ESCRYPT also relies on many tools to automatically test implementations, for example, or to issue expert reports about their conformity with various (security) coding standards.