Consulting directly with customers can provide a serve that will help developers and manufacturers to obtain their product approval as well as those that provide stakeholders and end users with the necessary support to set up and understand security evaluation schemes.

Explanations on security needs and evaluation methods

We familiarize vendors with known threats and the security demands of their specific industry in order to provide constructive feedback on their translation from different requirements to a physical and logical implementation. Our goal is the improvement of IT product security. End users can profit from our extensive know-how on security evaluation methodologies when it comes to understanding what a specific security approval actually means.

Pre-evaluations

We provide pre-evaluations or security strength evaluations of prototypes or partial designs to search for obvious security flaws in a product. The main advantage of this approach is that security problems will be detected at an early stage without having a large impact on the product's time to market.

Re-usability

The pre-evaluation effort is often re-usable during the final security evaluation for type approval in case the design has not been significantly modified after the pre-evaluation. In other words, consulting activities may result in less risk for equal cost.

Creating Common Criteria documentation

Our customers are experts in building secure IT products. We know how to translate their product implementation into the appropriate Common Criteria terminology. We help writing Security Targets and Protection Profiles and support developers and manufacturers when it is necessary to set-up a suitable structure for their Common Criteria evidence documentation.

Designing efficient security processes

We assist companies in designing their individual security policy, requirements and procedures. To date, we have defined security processes for the banking, transport, telecom and ID industry.