Get the right certification level for your IoT platform and demonstrate your security commitment to clients.
The SESIP methodology and certification scheme enables companies with IoT platforms to demonstrate that their solution can provide specific functionalities and services to install IoT apps and guarantee protection against state-of-the-art attackers.
The Security Evaluation Standard for IoT Platforms (SESIP) defines a standard for trustworthy assessment of the security of IoT platforms. This methodology, published by GlobalPlatform, details the specific requirements for a security evaluation of an IoT platform or parts thereof. SESIP includes a set of Security Functional Requirements and defines the Security Assurance Requirements packages. SESIP requirements are based on the Common Criteria standard (ISO 15408, v3.1), but they have been redefined for the specific purpose of evaluating IoT platforms and their parts, in order to streamline the certification process. Using this methodology, TrustCB has developed and operates the “TrustCB SESIP scheme”, with Applus+ Laboratories as one of the few accredited security labs conducting SESIP evaluations.
SESIP methodology is very flexible, and divided into different levels of assurance:
The SESIP scheme has been adopted and is currently being considered as a compliance requirement or proof of cybersecurity resilience for a wide variety of industries like Automotive, Consumer IoT or Industrial IoT. It reduces complexity, cost and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies, and compliant with standards and regulations.
Applus+ Laboratories can evaluate all SESIP levels and, thanks to its accreditations, also offers IoT developers a wide range of cybersecurity evaluation options.
We are an accredited laboratory for Common Criteria up to EAL 6+ and have SOG-IS recognition. Additionally, as a PSA certification accredited lab based on SESIP methodology, we can help clients obtain both PSA and SESIP certification by conducting one single evaluation.
When it comes to IoT consumer devices, our accreditations also allow us to conduct evaluations under both ETSI EN 303 645 and IEC 62443 standards.
Cybersecurity requirements under the Radio Equipment Directive can also be covered by our team of experts before they become mandatory. Today, we are the first Notified Body in Europe accredited to conduct these evaluations.
We can help you decide the best approach for your project, ensuring your IoT solution has an adequate level of protection and holds trusted certifications that pave the way for its market adoption.