Assurance & Certification
Very often it is heard that security is hard to precisely define and even harder to measure. For organizations and manufacturers who decide to include cybersecurity as one of their main focus points, there is always the questions of where to start and what is sufficient. At Secura, we constantly keep a close eye on the way in which security impacts various domains, and we acknowledge this issue.
We believe that the easiest and most efficient way of improving the level of security is through benchmarking, compliance and certification based on (international) standards. Secura is an active member and contributor of Dutch and international security standardization organizations. Examples of these are the Dutch Cyberveilig Nederland association or the European Cyber Security Organization (ECSO) on EU level. Moreover, we also focus on contributing to industry specific standardizations. Due to our key position, we have a clear overview of the state-of-the-art in terms of benchmarking and certification.
We know that security is not a one-person responsibility; therefore our services cover manufacturers, organizations as well as professionals. In many domains, Security Certifications are not yet established or still under development. Even then, standards can be used.
- Secura supports you in defining and developing standards, security frameworks and certification schemes.
- In case standards are in place, we support you through the whole process, starting with preparation all the way to the compliance assessment and in many cases the certification itself.
Secura is active within in the following domains.
Assurance services and Cyber security compliance (ISAE 3000)
Assurance services are professional assessment services that perform audits according to international accepted assurance audit standards, such as ISAE 3000. We have broad experience in working with a lot of international standards and best practices like the NIST standards, SANS and OWASP best practices, ISO standards, Cloud security standards (CSA) and control frameworks. By partnering with Secura for an assurance assessment, you are guaranteed to receive a complete evaluation service, based on state-of-the-art criteria.
Please check our page on Assurance services and Cyber security compliance for a complete overview.
Medical Device Security Certification
From simple insulin pumps all the way to complex MRI systems, all medical devices need to receive approval before deployment on the EU or USA markets. The regulatory requirements imposed in these cases ask for validation of the product’s security features. Aligning to internationally recognized standards in this process is a practice which is strongly encouraged. Secura can help you demonstrate compliance with a wide range of relevant standards, such as:
- IEC 62443 or UL 2900 – Validating the product’s security features
- IEC 62304 – Validating the software development practices for medical devices
- ISO 14971 – Validating the risk management practices for medical devices
- ISO 13485 – Validating the quality management procedures for medical devices
We can offer you individual compliance to these standards, as well as tailored validations regarding EU of USA market approvals.
ICS/SCADA Security Certification
Industrial control systems and components are generally valued for their functionality and durability. However, in the context of the technological advancements leading to the IIoT (Industrial Internet of Things), security starts to play a crucial role. Benchmarking these systems and components can help you gain market advantage and avoid breaches with possible critical impacts in your organization.
Secura can help you benchmark your off-the-shelf products, integrated systems or security procedures against the internationally recognized IEC 62443 standard, the current reference in the ICS domain. On top of that, additional relevant frameworks and standards could provide advantages depending on your position in the industry.
IoT Security Certification
Consumer IoT products are attractive and easy to procure by end-users. At the same time, they could be open doors into their internal networks, exposing their privacy and leading to possible high risks. In the absence of a regulation addressing these products, it is up to manufacturers to take steps for controlling these risks and improving brand reputation. Secura has a complete overview of the most relevant standards and frameworks, which could validate the security of your products. We can offer you product security compliance against the internationally recognized IOT Security Foundation Framework, or go even further by adding additional internationally recognized IoT security standards. Secura already developed a benchmark and integration of the best IoT standards currently available.
Automotive Security Certification
Today’s cars are veritable computers on wheels. The wired and wireless interfaces that are offered are making the user experience better and the driving safer. But what about security? By taking advantage of an unprotected interface, an attacker can get control of your vehicle and expose you to high risks. Security needs to be treated very carefully in this strongly developing domain. Secura is up-to-date with the automotive security frameworks published at EU and USA level (by ENISA or the US Department of Transportation), as well as the emerging regulations on this topic. Secura offers security assessments targeting different systems of the vehicle, such as the infotainment, external interfaces or the ECU.
The Dutch Baseline Security Product Assessments (BSPA) scheme is required by many governmental organizations in order to validate the products which they are using. Based on the Common Criteria concepts, this certification has a wide range of IT products in scope, such as VPNs, firewalls, operating systems, file security solutions, password managers and many more. As a licensed lab, Secura can support you through the whole process of the BSPA assessment including the preparation of required forms, documentation and samples, continuing with the actual security testing and ending with the applicable deliverables which will support the approval process.. The aim of a BSPA assessment is the successful follow up of the deployment advisory.
Contact one of our experts on +3140 990 2377 or send an e-mail to firstname.lastname@example.org, to identify your needs and come up with a solution that seamlessly integrates with your question.