Tested and certified IT security

The IT landscape is becoming increasingly complex and difficult to manage. The security requirements of companies are changing rapidly. It is therefore all the more important to review the protection of IT products and systems at regular intervals.

With its Security Qualification (SQ), TÜVIT offers a standardized and flexible certification procedure that allows the integrated analysis of products and networked system solutions.

 

Standardized certification procedure

For the test and certification of complex IT systems and IT products, TÜVIT has developed a process for Security Qualification (SQ). All available best practice test procedures from our many years of experience have been integrated into this procedure. The SQ has been included in the trusted certification program of TÜVIT as a standardized procedure, as

  • Trusted Site Security (TSS) for IT systems and
  • Trusted Product Security (TPS) for IT products.

The SQ certification procedure offers a significantly higher level of flexibility than simply working through checklists. It can thus be used for very different application cases, ranging from relatively simple single products to highly complex networked systems.

The range extends from simple software components and appliance solutions to web applications and even widely spread systems, and covers many different technologies.

Whitepaper on Security Qualification (SQ) for products affected by NIS-2, RED or CRA

The free white paper looks at how the various regulatory requirements (e.g. NIS-2, RED or CRA) in the area of IT security can be addressed and fulfilled with the help of Security Qualification. 
 

The topics at a glance:  

  • Relevant EU directives or acts on cyber security in brief
  • The SQ certification
  • Project process and certification
  • TÜVIT’s SQ certification services

Evaluation criteria

To determine the security-related characteristics of IT systems and products, TÜVIT has developed evaluation criteria that can be adapted to the system or product to be certified in a suitable way.

Evaluation criteria for IT systems

  • technical security requirements
  • architecture and design
  • installation and operation
  • vulnerability analyses and penetration tests
  • change management

Evaluation criteria for IT products

  • technical security requirements
  • architecture and design
  • development process
  • installation and operation
  • operating rules
  • vulnerability analyses and penetration tests
  • change management

Our services at a glance

  • The subject matter of the certification is defined in a kick-off workshop. Beyond that, the technical security requirements are defined in cooperation with our IT security experts, and subsequently approved by the certification body. The technical security requirements form the basis for the testing plan, and are confirmed by TÜVIT with the certificate after the conclusion of the certification procedure
  • The technical security requirements are evaluated in relation to the selected Security Assurance Level (SEAL), by means of penetration tests and vulnerability analyses
  • The test results are assessed in a risk analysis, and documented in a conclusive test report
  • If all technical security requirements and SQ-test criteria are fulfilled, a certificate is issued, and upon request the test mark is published on the TÜVIT website

Your benefits at a glance

  • Risk mitigation and cost efficiency through regular testing to eliminate vulnerabilities
  • Confidence-building and competitive advantage: with a certificate from TÜVIT, you can demonstrate the high security level and quality of your products and systems to clients and partners
  • External testing by an independent third party: this is a powerful tool to establish credibility and accountability
  • Proof of confidence to internal auditors and external regulatory authorities
  • Four-eye principle, because our test reports are reviewed and approved by the certification body

Further services

Enhanced Security Services

Enhanced Security Services

TÜVIT offers Enhanced Security Services, to keep your IT security level high at all times: from monitoring and retesting up to Red-Teaming.
Read more