finger on lock

Information Technology Security Evaluation Facility (ITSEF)

Sogeti provides three offers based on the best international framework, namely the Common Criteria.

Security: The challenge for IT

New information technologies provide products that are better than ever for improving information processing and transmission.

Nevertheless, the information being processed and exchanged constitutes a strategic asset for companies and organisations.

While the use of these products provides undeniable advantages, it also induces risks to the security of these critical assets.

Therefore the choice of the product leads to the never-ending question:

How much confidence can I have in the product’s security?
Sogeti can help you find the answer.

Global security

esecSogeti’s objective to support the information security of its clients is carried out among a complete scope of competencies from security governance to the integration of secure solutions.

These competencies form the ESEC (European Security Expertise Center) which is the expertise center in information security for the Sogeti and Capgemini groups.

Evaluation facility

The Sogeti ITSEF1 contributes to this objective by providing a greater level of confidence in the security of IT products and systems.

In addition to specific security expertise and French CSPN certification, Sogeti opens the scope with Common Criteria.

This expertise leads to three offers:

  • Pre-certification assessment
  • Certification project support
  • CC evaluation

Pre-certification assessment

Prior to formal certification, Sogeti offers a pre-certification assessment. This assessment ascertains the feasibility of the evaluation in a short amount of time. It provides a clear view on the development process maturity with regards to CC requirements and a first assessment on the product’s security.

This pre-certification assessment by Sogeti can encompass:

  • Security Target evaluation
  • Overview and completeness of evaluation evidence
  • Pre-audit of the development environment
  • Evaluation of the security of the product with CSPN2 methodology that can lead to a security certificate

Certification project and support

When starting a Common Criteria evaluation, the developer needs to provide all the deliverables requested by the evaluation assurance level (EAL). Sogeti provides evaluation and assistance to the developer for an accurate and complete fulfilment of Common Criteria requirements.

Sogeti supports the developer to:

  • Collect information from the developer and organise it according to evaluation requirements
  • Follow the certification process
  • Produce the evaluation reports and provide helps for improving the development process

Common Criteria evaluation

Sogeti has his full agreement and accreditation as an official ITSEF, licensed by the French certification body ANSSI.

Sogeti focuses on security evaluations for both hardware and software.

The expertise of Sogeti ITSEF relies on:

  • Sogeti competencies in network and software security with its IT security R&D team3, licensed for Common Criteria & CSPN2
  • Security expertise of the CEA-Léti4 (licensed ITSEF for micro-controller evaluations) gained from their partnership on IT security

1 ITSEF - Information Technology Security Evaluation Facility.
2 CSPN – First Level Security Certification CSPN is a security certification established and operated by the French Information Systems Security National Agency (ANSSI) which provides an evaluation based on expertise to assess the security of an IT product in 25 man-days.
3 The Sogeti R&D team is part of Sogeti ESEC and is located in Paris – France.
CEA Léti4 CEA-Léti is a laboratory dedicated to Electronics and Information Technologies (of the French Atomic Energy Commission located in Grenoble - France). This laboratory is one of the main European centers for applied research in electronics.


todo todo