Skip to Menu Skip to Search Contact Us Skip to Content

Increasing connectivity of equipment, systems and applications in cyber-physical networks creates risk.

Cybercrime is focused on industries such as the automotive sector, electronics and software, as well as mechanical engineering and critical infrastructure with its automation and industrial control systems (ICS). The connectivity of previously isolated products or systems presents a new range of vulnerabilities and related cyber security challenges. Experience has demonstrated that many of these products and systems, and their components, often have inadequate protection in the event of a cyber attack.

The effects of a cyber attack can be devastating for your data and/or functionality.

As an accredited inspection body for cyber security SGS can assist you in the development, implementation and integration of secure functions and applications to protect components and communication. Our cyber security services make your staff, networks, systems and products fit for purpose and resilient to cyber attacks.

Our expertise

We are at the forefront of future legislation and standardization, and a member of both the European Public-Private Partnership (PPP) for Cyber Security of the European Commission and the European Cyber Security Organization (ECSO). In the field of cyber security standardization in the automotive sector we are active at national and global levels too.

In addition, we are participants in the German Alliance for Cyber Security (initiated by the German Federal Office for Information Security – BSI).

SGS Cyberlabs

The Cyberlab is SGS’s solution to the challenges of IT security. Within our Cyberlabs, we can help and support customers all over the world, in a consistent and standardized manner, 24/7/365.

Inside these state-of-the-art facilities, SGS can deliver services to help customers to understand the challenges they are facing in the digital economy:

  • Product testing

    As the largest operator of independent testing labs, we deliver services globally with a focus on key customer questions such as time to market, global approach, independence, transparency and confidentiality. Our services include:

    • Common Criteria Testing
    • IEC 62443 Industrial Cybersecurity
    • FIPS
    • SAE J3061 Automotive Cybersecurity
    • IEC 62351 Smart Grid
    • PCI-DSS

  • Network mapping and assessment

    For any IT infrastructure, one of the first challenges is to have a good understanding of its extent and the level of security. We have developed a set of predefined solutions to address those questions that any IT or IT security manager wants answered:

    • NMA Package – an independent security assessment of the most relevant points in any network. This service is delivered remotely and can be deployed over any infrastructure with little to no intervention from the client's personnel
    • WVA Package: this assessment checks remotely for security flaws in web applications which could lead to data loss. Checks are conducted against the minimum requirements of the OWASP standard’s top 10 web application vulnerabilities
    • SMA Package: this SCADA assessment focuses on PLCs and process controls and any access to the system (either physical or remote) by using the same basic methodology as that of the SGS Network Assessment

    Using advanced AI our solutions can carry out assessments, mostly automated, by comparing customer settings and architecture, to previous versions to get a deeper understanding of vulnerability, and a rating of the company network. This can then be benchmarked against other assessments, and the average of the client’s industry/sector.

  • Penetration testing

    Typically delivered after a network mapping and assessment. The results mean enable customers to understand not only the fix being applied to their networks to resolve vulnerabilities detected, but also whether their applications or web services have the required resilience against cyber criminals. To do so, we deliver:

    • External Penetration Test (EPT)
    • Web Applications Penetration Test (WPT)
    • Mobile Application Penetration Test (MPT)

  • Security operations center

    Our cyberlabs have powerful security operations centers that are designed to become the focal point of the company's response to cyber threats to its clients. Our solution helps companies to regain control over their networks and system activities, and to be able to deploy a consistent response in the event of a security incident. It is organized into three levels:

    • SOC Level I: External Perimeter Monitoring
    • SOC Level II: External and Internal Monitoring
    • SOC Level III: Incident Response Team

  • Service and management system certifications

    SGS has been taking the lead in providing enterprises with an array of IT certification, including:

    • ISO 20000
    • ISO/IEC 27001
    • CSA STAR Certification
    • Euro Cloud
    • Seal of Cybersecurity
    • IEC 62443

    SGS is also one of the first certified organizations to bring ECSA auditing training to China.

  • Cloud services

    Real-time upgrades, software on demand, resource and data sharing, as well as rapid scalability, data backup and business recovery; cloud services offers new features that sound fantastic. But, what reassurances can service providers offer that the platform, storage and software offered actually work as they should?

    To meet the growing needs of cloud service providers, SGS offers third party certification assurance services. This independent assessment means you can demonstrate to clients that your cloud services meet appropriate service standards across a range of criteria, for example, data protection, security, environment, infrastructure, applications and compatibility.

  • Training and professional certification services

    As the global leader in professional training, we offer worldwide centers of excellence, providing the very best learning and development solutions customized to your exact needs. You can trust us to provide high-quality consistent training and development at every level of your organization – anywhere in the world.

  • Data integrity and veracity services

    In a digital economy, one of the most valuable assets is data. The need to trust in data (its veracity), as well as to demonstrate proper handling (privacy) and intactness (integrity) is key for organizations. The ability to detect, withstand, respond to and recover from attacks or security breaches is a cornerstone for business continuity. SGS is the perfect partner to help customers to build, develop and improve their data handling capacity. From online solutions to assist customer data management, such as GDPRonline, to the assessment of data handling policies for mobile applications, SGS can help organizations to demonstrate how they handle their customers data in a sensitive, secure and compliant manner.