Asian clients will henceforth be able to do their pre-evaluations in China, with technical support provided by local personnel, before the official evaluation is undertaken by our Spanish laboratories.
Applus+ Laboratories is extending its cybersecurity services to China, having secured
A2LA ISO/IEC 17025 accreditation (Certificate Number: 4106.02) to evaluate the security of IT products. This accreditation recognises the Applus+ Shanghai laboratory’s expertise in undertaking evaluations in line with the
Common Criteria methodology. Common Criteria is the sector’s most widely recognised standard, with applicability to a wide range of IT industries and products.
Applus+ clients in Asia will benefit from expert technical support from the Shanghai team for all work that precedes the official Common Criteria evaluation, including a product’s pre-evaluation.
Official certification ultimately takes place in Spain, where Applus+ boasts two IT security evaluation facilities accredited by Spain’s Common Criteria certification body, the Centro Criptológico Nacional (CCN). Certificates issued by the CCN Common Criteria certification are recognised both at a European (SOG-IS) level and a global level (Common Criteria).
Applus+ Laboratories has extensive experience in carrying out high-level Common Criteria security evaluations (EAL 4 and above), and its success stories include key Asian clients such as
TMC and
Winbond.
What are the Common Criteria & SOGIS Certification?
Common Criteria is a benchmark certification in IT security, and is it based ion seven evaluation assurance levels (EAL) with different protection profiles for each type of product. This certification scheme is supported by the Common Criteria Recognition Agreement, which states that all Common Criteria certificates issued by the national certification body will be recognized by the rest of the other countries. This global recognition only applies to certificates up to EAL 2. At European level, there is another mutual recognition agreement, SOGIS, which recognizes evaluations of the highest levels for specific technical areas.
Each national certification body may recognize independent laboratories to carry out a Common Criteria security evaluation, whose results must then be revisewed and validated by the OC (Spanish certification body). Spain is part of both CC and SOGIS agreements.
Applus+ haves two IT Security Evaluation Facilities (ITSEF) recognized to conduct official Common Criteria Evaluations, one in Madrid and another in Barcelona. Prior to being recognised by an OC, laboratories must be accredited under ISO/IEC 17025, thatwhich recognises the laboratory’s technical competence to conduct the testing and evaluations included in the Common Criteria methodology.