Very often it is heard that security is hard to precisely define and even harder to measure. For organizations and manufacturers who decide to include cybersecurity as one of their main focus points, there is always the questions of where to start and what is sufficient. At Secura, we constantly keep a close eye on the way in which security impacts various domains, and we acknowledge this issue.
We believe that the easiest and most efficient way of improving the level of security is through benchmarking, compliance and certification based on (international) standards. Secura is an active member and contributor of Dutch and international security standardization organizations. Examples of these are the Dutch Cyberveilig Nederland association or the European Cyber Security Organization (ECSO) on EU level. Due to our key position, we have a clear overview of the state-of-the-art in terms of benchmarking and certification.
We know that security is not a one-person activity, therefore our services cover manufacturers, organizations as well as professionals. Moreover, we can support you through the whole process, starting with preparation all the way to compliance assessment and in many cases the certification itself. We can help you in the following domains.
Medical Device Security Certification
From simple insulin pumps all to way to complex MRI systems, all medical devices need to receive approval in order to be placed on the EU or USA markets. The regulatory requirements imposed in these cases ask for validation of the product’s security features. Aligning to internationally recognizes standards in this process is a practice which is strongly encouraged in both cases. Secura can help you demonstrate compliance with a wide range of relevant standards, such as:
- IEC 62443 or UL 2900 – Validating the product’s security features
- IEC 62304 – Validating the software development practices for medical devices
- ISO 14971 – Validating the risk management practices for medical devices
- ISO 13485 – Validating the quality management procedures for medical devices
We can offer you individual compliance to these standards, as well as tailored EU of USA market approval solutions.
ICS/SCADA Security Certification
Industrial control systems and components are generally valued for their functionality and durability. However, in the context of the technological advancements leading to the IIoT (Industrial Internet of Things), security starts to play a crucial role. Benchmarking these systems and components can help you gain market advantage and avoid breaches with possible critical impacts in your organization.
Secura can help you benchmark your off-the-shelf products, integrated systems or security procedures against the internationally recognized IEC 62443 standard, the current reference in the ICS domain. On top of that, additional relevant frameworks and standards could provide advantages depending on your position in the industry.
IoT Security Certification
Consumer IoT products are attractive and easy to procure by end-users. At the same time, they could be open doors into their internal networks, exposing their privacy and leading to possible high risks. In the absence of a regulation addressing these products, it is up to manufacturers to take steps for controlling these risks and improving brand reputation. Secura has a complete overview of the most relevant standards and frameworks which could validate the security of your products. We can offer you product security compliance against the internationally recognized IOT Security Foundation Framework, or go even further by adding additional internationally recognized IoT security standards.
Automotive Security Certification
Today’s cars are veritable computers on wheels. The wired and wireless interfaces which are offered are making the user experience better and the driving safer. Or are they? By taking advantage of an unprotected interface, an attacker can get control of your vehicle and expose you to high risks. Security needs to be treated very carefully in this strongly developing domain. Secura is up-to-date with the automotive security frameworks published at EU or USA level (by ENISA or the US Department of Transportation), as well as the emerging regulations on the topic. Our assessments can target different systems of the vehicle, such as the infotainment, external interfaces or the ECU.
The Dutch Baseline Security Product Assessments (BSPA) scheme is required by many governmental organizations in order to validate the products which they are using. Based on the Common Criteria concepts, this certification has a wide range of IT products in scope, such as VPNs, firewalls, operating systems, file security solutions, password managers and many more. As a licensed lab, Secura can support you through the whole process of the BSPA assessment including the preparation of required forms, documentation and samples, continuing with the actual security testing and ending with the applicable deliverables which will support the approval process.. The aim of a BSPA assessment is the successful follow up of the deployment advisory.
Secura is a partner of PECB (www.pecb.com) and offers on a regular basis various training sessions, which can often conclude with a certification exam. The next event in this series is the ISO/IEC 27001 Lead Implementer course, between 27 – 31 August 2018.
Contact one of our experts on +3140 990 2377 or send an e-mail to firstname.lastname@example.org, to identify your needs and come up with a solution that seamlessly integrates with your question.