Pre-evaluation services
Our pre-evaluation services will help you prepare for your formal. The benefit here is that you can identify potential attention points and adjust your products where necessary, in order to manage your formal evaluation process, Gaining an indepth understanding and preventing possible delays, is better than having to retake certain steps.
In light of this, we offer:
- Training
- Developer support
- Pre-testing
- GAP analysis
- Readiness validation
- Impact analysis
Security evaluation services
Assessment of security requirements against industry standards and schemes, with the ultimate goal to obtain certification from these specific schemes. A security assessment will result in a report that is sent to the schemes for approval. In order to pass all security checks, a smart consideration would be to have already undergone pre-evaluation.
We offer:
- Site audit
- Vulnerability assessment
- Delta evaluation
- Renewal and maintenance
- Re-validation
- Annual checkpoint
- Admi changes
Certification Body
Our independent certification body can be used to obtain certification after the security evaluation report has been prepared.
We offer certification services on behalf of:
Do you need to state that your product complies with security requirements?
Brightsight can help developers at every stage of their security development cycle, from pre-evaluation to final evaluation (leading to certification). Get your product tested in the development stage already to avoid any security issues in your final product, thereby minimising costs and delays in your product launch.
Security services
- Whether you are looking to prepare for a security evaluation or certification or are in the process of defining a design or product specification with security and privacy by design, we offer training courses adapted to your needs.
- To help you get security approval in time, prevent risks and avoid redesign costs late in your development process, SGS Brightsight offers pre-evaluations on both finished and unfinished products, documentation and sites. This way, you still have time to take action if we find anything crucial.
- Brightsight offers two types of security evaluations:
- Security evaluations leading to a certification, where testing is based on scheme requirements
- Security evaluation services to test your product against cybersecurity standards and regulations
- Various certifications require a security evaluation of a development and/or production site of the product. The result can be re-used in multiple product evaluations. The goal of a site pre-audit is to explore the gap between the current security level of the site and the JIL Minimum Site Security Requirements and draw up a concrete proposal of the steps needed to get the site ready for a formal site audit evaluation.
Security testing includes
- Scope & documentation
The goal of a document review is to evaluate the completeness in terms of content, presentation and readability of CC evidence. - Make use of the expertise of some of the best experts in the areas of IP, software and hardware security for validating and evaluating your designs. The goal of a design review is to identify potential weaknesses in the security architecture of the IC/Smart Card at an early stage. Source code review by one specialised 3rd party helps to identify blind spots.
- Vulnerability assessmentHave a vulnerability analysis performed in order to identify potential pitfalls, allowing you to focus your energy and resources where it matters.
- Penetration testing
- Design and code review
Stay up to date with the state of the art in security evaluation, using the ultimate techniques and tools.
