Tested and certified IT security

The IT landscape is becoming increasingly complex and difficult to manage. The security requirements of companies are changing rapidly. It is therefore all the more important to review the protection of IT products and systems at regular intervals.

With its Security Qualification (SQ), TÜVIT offers a standardized and flexible certification procedure that allows the integrated analysis of products and networked system solutions.


Standardized certification procedure

For the testing and certification of complex IT systems and IT products, TÜVIT has developed a process for Security Qualification (SQ). All available best-practice test procedures from our many years of experience have been integrated into this procedure. The SQ has been included in TÜVIT's trusted certification program as a standardized procedure, namely as

  • Trusted Site Security (TSS) for IT systems and
  • Trusted Product Security (TPS) for IT products.

The SQ certification procedure offers a significantly higher level of flexibility than simply working through checklists. It can thus be used for very different application cases, ranging from relatively simple single products to highly complex networked systems.

The range extends from simple software components and appliance solutions to web applications and even widely distributed systems, and covers many different technologies.

Evaluation criteria

To determine the security-related characteristics of IT systems and products, TÜVIT has developed evaluation criteria that can be suitably adapted to the system or product to be certified.

Evaluation criteria for IT systems

  • technical security requirements
  • architecture and design
  • installation and operation
  • vulnerability analyses and penetration tests
  • change management

Evaluation criteria for IT products

  • technical security requirements
  • architecture and design
  • development process
  • installation and operation
  • operating rules
  • vulnerability analyses and penetration tests
  • change management

Our services at a glance

  • The subject matter of the certification is defined in a kick-off workshop. Beyond that, the technical security requirements are defined in cooperation with our IT security experts and subsequently approved by the certification body. The technical security requirements form the basis for the testing plan and are confirmed by TÜVIT with the certificate after the conclusion of the certification procedure.
  • The technical security requirements are evaluated in relation to the selected Security Assurance Level (SEAL) by means of penetration tests and vulnerability analyses.
  • The test results are assessed in a risk analysis and documented in a conclusive test report.
  • If all technical security requirements and SQ test criteria are fulfilled, a certificate is issued, and upon request the test mark is published on the TÜVIT website.

Your benefits at a glance

  • Risk mitigation and cost efficiency through regular testing to eliminate vulnerabilities
  • Confidence-building and competitive advantage: with a certificate from TÜVIT, you can demonstrate the high security level and quality of your products and systems to clients and partners
  • External testing by an independent third party: this is a powerful tool to establish credibility and accountability
  • Proof of confidence to internal auditors and external regulatory authorities
  • Four-eyes principle: our test reports are reviewed and approved by the certification body

Further services

Enhanced Security Services

TÜVIT offers Enhanced Security Services to keep your IT security level high at all times: from monitoring and retesting through to red teaming.