Skip to searchSkip to main content
  • Lab services

    Risk mitigation with early pre assessment, compliance assessment of security requirements and certificate maintenance  services.

Services Lab services

Brightsight can help developers at every stage of their security development cycle, from pre-evaluation to final evaluation (leading to certification). Get your product tested in the development stage already to avoid any security issues in your final product, thereby minimising costs and delays in your product launch.

Pre-evaluation
Security evaluation
Post-certification
Pre-evaluation

Brightsight's pre-evaluation services will identify potential attention points and prevent risks for both finished and unfinished products, documentation and sites. You can gain an in-depth understanding and avoid late development redesign costs or possible delays ahead of your formal evaluation.

Can my product pass a security evaluation?

This is an important question when you need an approval within a specific time frame or when you want to prevent risks or avoidable redesign costs late in your development process.

Brightsight offers pre-evaluations on products, but also on supporting documentation and sites. We can start a pre-evaluation in the development stage already. This means that if we find anything crucial, you still have time to take action before it's too late.

Brightsight checks how the security of a product works and offers gives feedback on this. In our experience, discussing this feedback with the developers in an interactive session is extremely beneficial. 

We offer

Hardware pre-evaluation

Design review

Documentation analysis

Pre-testing

Gap analysis/Readiness validation

We can also perform specific tests based on the requirements for the certificate you are aiming for.

Want to discuss more about your project scope and security evaluation needs?

Security evaluation

Brightsight offers two types of security evaluations

Evaluations leading to a certification, where testing is based on scheme requirements
Evaluation services to test your product against cybersecurity standards and regulations

Assessment of security requirements against industry standards and schemes, with the ultimate goal to obtain certification from these specific schemes. A security assessment will result in a report that is sent to the schemes for approval. In order to pass all security checks, a smart consideration would be to have already undergone pre-evaluation.

Examples

Security testing includes

Scope and documentation
Vulnerability assessment

The goal of a document review is to evaluate the completeness in terms of content, presentation and readability of CC evidence.

Have a vulnerability analysis performed in order to identify potential pitfalls, allowing you to focus your energy and resources where it matters.

Penetration testing
Design and code review

Stay up to date with the state of the art in security evaluation, using the ultimate techniques and tools.

Make use of the expertise of some of the best experts in the areas of IP, software and hardware security for validating and evaluating your designs.

Site security evaluations

Site security evaluations are critical assessments conducted to determine the effectiveness of security measures in protecting physical locations and sensitive data. These evaluations encompass a wide range of factors, from access control and surveillance systems to emergency response procedures and employee training. For organizations handling sensitive information or operating in high-risk environments, a thorough site security evaluation is not just a best practice, but a necessity.

Various schemes and certification bodies require a security evaluation of a development and/or production site of the product. Brightsight can perform objective assessments for site security evaluations independent of product evaluations and the result can be re-used in multiple product evaluations. This is possible for Common Criteria (STAR report) or EMVCo, for example.

The duration of a site security evaluation varies depending on the size and complexity of the site, as well as the specific scope of the assessment. Factors to consider include the availability of documentation, the cooperation of personnel, and the need for on-site testing. Conditions that must be met include access to relevant areas, provision of security system data, and participation in interviews. It's crucial to schedule evaluations well in advance, considering operational schedules and potential disruptions.

We deliver detailed reports that highlight vulnerabilities and provide clear guidance on remediation.

  • If you have a site independently evaluated, you will receive a certificate valid for two years. 
  • We also offer Site Assessment Reports as a service for customers looking to understand the security of their sites or obtain evidence of their security capabilities.

To enhance your site's security posture and ensure compliance, contact Brightsight today for a comprehensive evaluation.

Post-certification

Brightsight's post-certification services include:

Certificate renewal

Delta evaluation

Re-validation

Annual checkpoint

Admin change