Our experience with the design and practice of standards-based cyber security evaluation schemes means we can independently assess a wide range of IT and OT products and systems.
If you’re a smart metering equipment vendor or if you’re working with physical security products, you might want to check out our formal evaluation services like CPA and CAPSS.
Otherwise, if you are looking to demonstrate how your product or system meets some other set of security requirements we’re here to help.
Independent evaluations
Our experts can conduct an independent evaluation of your product or system, tailored to your customer’s or stakeholder’s needs. This often involves checking compliance against a standard, security characteristic or some other guidance, e.g., a tender document.
It’s important that developers can go into an evaluation process with realistic expectations and contingency plans. We can customise what we do according to the specifics of your product and business goals.
A typical evaluation might involve a review of your design, a secure development lifecycle audit, functional security testing and fuzz testing – or some combination.
We can tailor what we do to fit within your budget.
Pre-evaluation consultancy
Security requirements can sometimes be a bit of a challenge to interpret. If you need help to understand what they all mean, and how to meet them, we can assist. We can also run risk workshops to help you to understand which areas of your product or process are likely to comply, and where you might need to do more work to improve your implementation.
Independent testing
Having an independent test lab verify that your product has been tested for security vulnerabilities can be a real differentiator in the marketplace. Why not let us take a closer look at your product.
Or, if you’d prefer to do the testing for yourself, we’ve got some great tools you could use to discover implementation bugs!
Need to validate that your product meets customer driven security requirements or industry standards?
Looking to provide your customers with some independent validation that your design is secure?
Want to take measures to strengthen your system and minimise the chance of zero-day vulnerabilities ?
Other topics we can guide you through
- Which elements of my product should I focus on to improve its overall security and resilience?
- How can I show my product/system meets a minimum set of security requirements for my end customer?
- What different techniques can I use to find vulnerabilities I won't typically see during my normal testing activities?
- How do I enable a continuous assurance mindset in my development process?
