Skip to searchSkip to main content
  • Lab services

    Contact us
Services Lab services

Brightsight can help developers at every stage of their security development cycle, from pre-evaluation to final evaluation (leading to certification). Get your product tested in the development stage already to avoid any security issues in your final product, thereby minimising costs and delays in your product launch.

Pre-evaluation
Evaluation
Certification
Pre-evaluation

Brightsight's pre-evaluation services will identify potential attention points and prevent risks for both finished and unfinished products, documentation and sites. You can gain an in-depth understanding and avoid late development redesign costs or possible delays ahead of your formal evaluation.

Can my product pass a security evaluation?

This is an important question when you need an approval within a specific time frame or when you want to prevent risks or avoidable redesign costs late in your development process.

Brightsight offers pre-evaluations on products, but also on supporting documentation and sites. We can start a pre-evaluation in the development stage already. This means that if we find anything crucial, you still have time to take action before it's too late.

Brightsight checks how the security of a product works and offers gives feedback on this. In our experience, discussing this feedback with the developers in an interactive session is extremely beneficial. 

We offer

Pre-testing
GAP analysis
Readiness validation
Impact analysis

We can also perform specific tests based on the requirements for the certificate you are aiming for.

Want to discuss more about your project scope and security evaluation needs?

Evaluation

Brightsight offers two types of security evaluations

Evaluations leading to a certification, where testing is based on scheme requirements
Evaluation services to test your product against cybersecurity standards and regulations

Assessment of security requirements against industry standards and schemes, with the ultimate goal to obtain certification from these specific schemes. A security assessment will result in a report that is sent to the schemes for approval. In order to pass all security checks, a smart consideration would be to have already undergone pre-evaluation.

We offer

Vulnerability assessment
Delta evaluation
Renewal and maintenance
Re-validation
Annual checkpoint
Admi changes

Site security evaluations

Various schemes and certification bodies require a security evaluation of a development and/or production site of the product. Brightsight can perform objective assessments for site security evaluations independent of product evaluations and the result can be re-used in multiple product evaluations. This is possible for Common Criteria (STAR report) or EMVCo, for example.

We deliver detailed reports that highlight vulnerabilities and provide clear guidance on remediation.

 The goal of a site pre-audit is to explore the gap between the current security level of the site and the JIL Minimum Site Security Requirements and draw up a concrete proposal of the steps needed to get the site ready for a formal site audit evaluation.


Site security evaluations are critical assessments conducted to determine the effectiveness of security measures in protecting physical locations and sensitive data. These evaluations encompass a wide range of factors, from access control and surveillance systems to emergency response procedures and employee training. For organizations handling sensitive information or operating in high-risk environments, a thorough site security evaluation is not just a best practice, but a necessity.

Why is this important? In today's landscape of evolving threats, organizations face increasing challenges in maintaining robust site security. Cyberattacks, physical intrusions, and insider threats can all compromise valuable assets and disrupt operations. The challenge lies in understanding the complex interplay of security measures and identifying vulnerabilities before they are exploited.

Brightsight, as a leading security evaluation lab, offers comprehensive site security evaluation services. We meticulously assess your existing security infrastructure against industry best practices and regulatory requirements. Our evaluations provide a detailed analysis of potential weaknesses, and this report is sent to the relevant scheme or certification body for certification.

The duration of a site security evaluation varies depending on the size and complexity of the site, as well as the specific scope of the assessment. Factors to consider include the availability of documentation, the cooperation of personnel, and the need for on-site testing. Conditions that must be met include access to relevant areas, provision of security system data, and participation in interviews. It's crucial to schedule evaluations well in advance, considering operational schedules and potential disruptions.

  • If you have a site independently evaluated, you will receive a certificate valid for two years. 
  • We also offer Site Assessment Reports as a service for customers looking to understand the security of their sites or obtain evidence of their security capabilities.

Security testing includes

Scope and documentation
Vulnerability assessment

The goal of a document review is to evaluate the completeness in terms of content, presentation and readability of CC evidence.

Have a vulnerability analysis performed in order to identify potential pitfalls, allowing you to focus your energy and resources where it matters.

Penetration testing
Design and code review

Stay up to date with the state of the art in security evaluation, using the ultimate techniques and tools.

Make use of the expertise of some of the best experts in the areas of IP, software and hardware security for validating and evaluating your designs.

To enhance your site's security posture and ensure compliance, contact Brightsight today for a comprehensive evaluation.

Certification

Brightsight CB, a newly established Certification Body within Brightsight, operates from one accredited location in Europe: Madrid, Spain. Brightsight serves as both a Certification Body (CB) and an IT Security Evaluation Facility (ITSEF) at levels substantial and high.

Our certification scope

We are a certified lab to offer EUCC and SESIP certifications.

Our certification process