Sogeti provides three offers based on the best international framework, namely the Common Criteria.
New information technologies provide products that are better than ever for improving information processing and transmission.
Nevertheless, the information being processed and exchanged constitutes a strategic asset for companies and organisations.
While the use of these products provides undeniable advantages, it also induces risks to the security of these critical assets.
Therefore the choice of the product leads to the never-ending question:
How much confidence can I have in the product’s security?
Sogeti can help you find the answer.
Sogeti’s objective to support the information security of its clients is carried out among a complete scope of competencies from security governance to the integration of secure solutions.
These competencies form the ESEC (European Security Expertise Center) which is the expertise center in information security for the Sogeti and Capgemini groups.
The Sogeti ITSEF1 contributes to this objective by providing a greater level of confidence in the security of IT products and systems.
In addition to specific security expertise and French CSPN certification, Sogeti opens the scope with Common Criteria.
This expertise leads to three offers:
Prior to formal certification, Sogeti offers a pre-certification assessment. This assessment ascertains the feasibility of the evaluation in a short amount of time. It provides a clear view on the development process maturity with regards to CC requirements and a first assessment on the product’s security.
This pre-certification assessment by Sogeti can encompass:
Certification project and support
When starting a Common Criteria evaluation, the developer needs to provide all the deliverables requested by the evaluation assurance level (EAL). Sogeti provides evaluation and assistance to the developer for an accurate and complete fulfilment of Common Criteria requirements.
Sogeti supports the developer to:
Common Criteria evaluation
Sogeti has his full agreement and accreditation as an official ITSEF, licensed by the French certification body ANSSI.
Sogeti focuses on security evaluations for both hardware and software.
The expertise of Sogeti ITSEF relies on:
1 ITSEF - Information Technology Security Evaluation Facility.
2 CSPN – First Level Security Certification CSPN is a security certification established and operated by the French Information Systems Security National Agency (ANSSI) which provides an evaluation based on expertise to assess the security of an IT product in 25 man-days.
3 The Sogeti R&D team is part of Sogeti ESEC and is located in Paris – France.
4 CEA-Léti is a laboratory dedicated to Electronics and Information Technologies (of the French Atomic Energy Commission located in Grenoble - France). This laboratory is one of the main European centers for applied research in electronics.