Audit of development and production environments

If IT products are certified in accordance with the Common Criteria IT security standard or EMVCo, audits of development and production environments represent an integral part of the evaluation process. The product-independent certification of these sites enables the reuse in various product evaluation procedures and thereby contributes to the reduction of costs. For many years now, TÜVIT has been successfully carrying out site audits for production and development environments.

 

Objective of a site certification

A site certification serves to examine the implemented measures in order to ensure the integrity and confidentiality of the IT products developed/produced there. Sites can also be certified independently of IT products. This means that manufacturers of security products have the option of reusing these site certificates in a subsequent certification procedure for their IT products (such as chip cards or smart cards).

Our services at a glance

Our IT security experts assist you during the audit and certification process. After the evaluation of the manufacturer's documents for the description of the security measures implemented at the site concerned, we conduct an audit which serves as the basis for the certification. Here, the following aspects are taken into account:

  • configuration management / production flow control systems
  • security organization
  • personal security (including visitors)
  • physical security measures (buildings, development and production areas)
  • security in the process flows
  • retention and storage, transport and destruction of data and documents
  • data backup
  • emergency plans
  • delivery procedures

Typical sites which are suitable for site certifications:

  • mask houses
  • wafer production sites
  • assembly sites
  • distribution warehouses

Your benefits at a glance

  • cost reduction: once a site is certified, the products manufactured there for your clients do not need any further product-specific security audits for this site
  • time savings: the site certificate can be directly reused for further evaluation processes for IT products (such as chip cards)
  • proof of trust for your market positioning
  • quality assurance and improvement of your security infrastructure
Dr. Patrick BödekerHead of Department Hardware Evaluation

Tel.: +49 201 8999-618
Fax: +49 201 8999-666
p.boedeker@tuvit.de

Further services