I need a certification for my IoT solution

A security evaluation by a certified third party provides assurance for both users and developers that solutions are secure and state of the art. Security evaluations are becoming the norm and, in some cases, mandatory in the form of compliance. Whether you are a developer of semiconductors, software stacks or finished IoT products, security evaluation provides an opportunity to differentiate yourself by delivering security as value within the IoT value chain.

Fields of expertise

  • Design review
  • Code review
  • Vulnerability analysis
  • Penetration testing
  • Certification program design

Some of our customers

The process of getting a certificate


In the world of compliance, it is important to be up to date with the latest requirements. Using the most advanced technology and market expertise when developing our tools, we support you during your security evaluation. Brightsight is the most accredited independent laboratory in the world for high-end security. Our experts are contributors to working groups in automotive and industrial IoT and active members of governmental and industrial initiatives for cybersecurity and privacy.


Our customers are looking to meet their business requirements, including compliance, time to market, price points and market/product requirements. Business risk management is an important element of business requirements. Our objective is to build long-lasting relationships with our customers and to become their trusted business partner for security evaluations by providing them with useful, up-to-date knowledge of state-of-the-art technologies, market trends and requirements in local, global and vertical arenas.

Why work with us?

  • Our 35 years of expertise tailored to your needs
  • Efficient evaluation and certification timelines
  • Quick turnaround and commitment for your time to market
  • The most extensive technical capacity of all security labs worldwide

Our IoT service offering:



Training Courses

Additional services

  • GDPR Readiness Assessment
  • Site Audits
  • Security Evaluations
    – PSA Certified
    – SESIP
    – Common Criteria
    – ISA/IEC 62443-4-1/2
    – DTSEC
    – ICA
  • Secure Coding
  • Secure Design
  • Common Criteria training
  • GDPR Readiness training
  • IoT baseline security training:
    – Security & Privacy by Design



  • Security Risk Assessment
  • Penetration Testing
  • Scheme and certification programms design
  • Vulnerability Analysis
  • GSMA IoT Security Assessment




Click here to download our brochure

New standards and security testing approaches


Security Evaluation Scheme for IoT Platforms (SESIP)

Brightsight  is  a  founding  member  of  SESIP.  SESIP  is  an  internationally  recognised  Security  Evaluation   Scheme,   supported   by   a   large   community  of  the  top  security  providers  in  the  hardware and software domains. SESIP provides an  optimized  version  of  the  Common  Criteria  methodology applied for IoT platofrm. A platform is software and hardware combined, ready to be implemented in your IoT product. SESIP provides solution-ready, pre-certified IoT platforms for the main  industry  compliance  requirements.  When  completing the SESIP evaluation with Brightsight, you will receive a SESIP certificate which states your platform is secure.


Platform Security Architecture (PSA) Certified

Brightsight is a founding member of Arm Platform Security   Architecture   (PSA)   CertifiedTM,   an independent  Security  Evaluation  Scheme  for  PSA-based IoT systems. PSA Certified TM is an industry-driven  initiative  advocating  the  use  of  independent  third-party  testing  as  the  norm  for  building  trust  across  the  entire  IoT  ecosystem.  This multilevel scheme was designed for device manufacturers  and  businesses  to  achieve  the  level  of  security  they  need  for  their  use  cases.

Our Lead Partners:


GSMA IoT Security Assessment

Brightsight is recognized by the GSMA as a security lab offering the GSMA IoT Security Assessment as a service, providing IoT security capability to the wider ecosystem. These services can help companies without the necessary resources or expertise to complete an assessment and test their IoT solutions to ensure end-to-end security.

The assessment provides companies with a flexible framework that addresses the diversity of the IoT market, enabling organizations to build secure IoT devices and solutions as clarified in the GSMA IoT Security Guidelines. The GSMA IoT Security Guidelines is a comprehensive set of practices promoting the secure end-to-end design, development and deployment of IoT solutions. Companies that typically adopt the security guidelines include IoT service providers, platform vendors and device vendors.

Benefits of GSMA IoT Security Assessment:

  • It is based on a structured approach and concise security controls
  • Covers the whole ecosystem
  • Can fit into a supply chain model
  • Provides a flexible framework that addresses the diversity of the IoT market