A structured approach to developing and raising security maturity levels.
Raise cybersecurity maturity levels with the three-step approach from SGS.
Cybersecurity, together with the development and maintenance of secure digital solutions, is a new area for many organizations. Our three-step approach enables manufacturers and stakeholders in the supply chain and product lifecycle to develop and raise the security maturity level of their processes, solutions and people.
Why choose the three-step approach from SGS?
Our three-step approach enables you to:
- Understand needs and gaps, taking into account how secure digital solutions need to be developed and maintained
- Develop a roadmap to increase the security maturity level of processes, employees and products
- Gain independent validation once you have achieved the targeted maturity levels
Step 1 – Analyze Gaps
Understand the security maturity level of your products, development and lifecycle processes, and employees. Our services help you to recognize what it takes to develop and maintain secure digital solutions and what gaps you need to close. Our gap analysis reports allow you to define the next steps. This step includes:
- Basic awareness and introductory cybersecurity training adapted to your industry (a one-day training activity)
- Security scan for a dedicated target product, and the applied development and product lifecycle processes (a two- to three-day workshop)
- Formal and detailed Secure Development Life Cycle (SDLC) assessment according to BSIMM or OWASP methodologies
Step 2 – Raise the Security Maturity Level
To raise the security maturity level of your company, we help you to:
- Understand how to set up and take action to implement a secure development and product life cycle (SDLC)
- Familiarize yourself with best practice and ‘security by design’
- Train your team and onboard dedicated cybersecurity experts
- Develop a roadmap covering and closing all identified gaps
Our programs support you in setting up and executing the required processes or dedicated process phases. We perform security design reviews together with you to check the effectiveness of the measures taken and help you to improve the skill set of your employees through:
- Customized support activities along the implementation of an SDLC process
- Supervision services for first pilot projects helping you to properly execute the SDLC
- Cybersecurity-related design reviews along the SDLC process
- Professional- and expert-level training for cybersecurity aspects
Step 3 – Demonstrate Effectiveness
We enable you to demonstrate your cybersecurity progress by:
- Making internally and externally supported security assessments a standard procedure in your SDLC, allowing you to measure the quality and effectiveness of security measures
- Using independent third-party security evaluation and certification, such as Common Criteria
Having established processes and a skilled team puts you in a position to develop and maintain adequately secure and robust digital solutions. Independent third-party verification enables you to demonstrate the cybersecurity-related quality of your solutions. Our comprehensive services include:
- Standardized or proprietary security assessment and testing campaigns resulting in detailed test reports
- Evaluation and certification, such as Common Criteria up to EAL7, or SESIP for IoT solutions