  • Security Evaluation and Certification of Products and Systems

    As the largest operator of independent testing labs, we deliver services globally with a dedicated focus on time to market, independence, transparency and confidentiality. We help you understand cybersecurity threats and how to counter them to meet security criteria – from the smallest component up to the most complex system. Our services include:

    • Common Criteria
    • IEC 62443 Industrial Cybersecurity
    • FIPS
    • SAE J3061 Automotive Cybersecurity
    • IEC 62351 Smart Grid
    • PCI-DSS

  • Network Mapping and Vulnerability Assessment

    Understanding your organization’s inventory of connected assets and level of security is vital. In addition, bring your own device (BYOD) programs and the use of WiFi hotspots can cause a range of additional cybersecurity issues. We offer a range of solutions to help, including:

    • Network Mapping and Vulnerability Assessment (NMA): an independent security assessment of the most relevant assets in any network. Delivered remotely or onsite, our NMA package can be deployed over any infrastructure, with minimal to no intervention by your personnel
    • Web Applications Vulnerability Assessment (WVA): an independent assessment for security flaws in web applications that could lead to data loss. Checks are conducted against the minimum requirements of the OWASP standard’s top 10 web application and top 25 CWE/SANS vulnerabilities
    • Industrial Network SCADA/ICS Assessment (SMA): an independent assessment focusing on PLCs, process controls and protocols and any access to the system (either physical, local or remote) by using the same basic methodology as that of the SGS Network Assessment

    Using advanced artificial intelligence (AI), we carry out assessments, mostly automated, by comparing your settings and architecture to previous versions to get a deeper understanding of vulnerabilities, and a rating of your company network. This can then be benchmarked against other assessments, and the average in your industry/sector.

  • Penetration Testing

    Penetration testing provides an exact picture of your cybersecurity resilience, and the weak points in infrastructure and processes. Typically delivered after a network mapping and assessment, penetration testing makes it possible to determine the impact of vulnerabilities and security flaws found during the assessment phase. The results enable you to understand how to address vulnerabilities, and whether your applications or web services have the required resilience against cybercrime. Our service includes:

    • External Penetration Test (EPT): independent verification of your Internet IT and OT network and infrastructure security. EPT is verified through an intrusion test where the vulnerabilities identified during the assessment phase will be exploited. The intrusion test is conducted using the techniques and tools used by real attackers
    • Web Applications Penetration Test (WPT): independent verification of the security and resilience capability of your web applications. It is verified through an intrusion test where the vulnerabilities identified during the assessment phase will be exploited. The intrusion test is conducted using the techniques and tools used by real attackers
    • Mobile Application Penetration Test (MPT): independent assessment of your mobile and desktop applications, reviewing code, communications, data storage, and different sets of attacks to challenge the security architecture

  • Security Operations Centre (SOC)

    Cybersecurity threats are active 24/7. Though many occur on the internet, they mainly come from inside organizations. That is why our SOC services provide you with the real-time continuous monitoring needed to control your assets. We help you to regain control over your networks and system activities, and to deploy a consistent response in the event of a security incident. As an accredited and independent third party, we provide services without conflicts of interest, organized into three levels:

    • SOC Level I – external perimeter monitoring: real-time monitoring, investigation and remediation of external threats and attacks from the internet
    • SOC Level II – external and internal monitoring: as with SOC Level I, with the addition of real-time monitoring, investigation and remediation of internal threats and attacks from inside your organization
    • SOC Level III – incident response team: as with SOC Level I and II, with the addition of neutralizing the threat from the source, including gathering valid legal evidence

  • Service and Management System Certifications

    SGS provides enterprises with an array of IT certifications, including:

    • ISO 20000
    • ISO/IEC 27001
    • CSA STAR Certification
    • Euro Cloud
    • Seal of Cybersecurity
    • IEC 62443

  • Cloud Services

    To meet the growing needs of cloud service providers, we provide third-party certification assurance services. This independent assessment enables you to demonstrate that your cloud services meet appropriate service standards across a range of criteria – for example: data protection, security, environment, infrastructure, applications and compatibility.

  • Training and Professional Certification Services

    As the global leader in professional training, we offer worldwide centers of excellence, providing the very best learning and development solutions customized to your exact needs. We offer high-quality training and development at every level of your organization – anywhere in the world.

  • Data Integrity and Veracity Services

    In a digital economy, one of the most valuable assets is data. The need to trust in data (its veracity), as well as to demonstrate proper handling (privacy) and intactness (integrity) is key for organizations. The ability to detect, withstand, respond to and recover from attacks or security breaches is a cornerstone for business continuity. We help you to build, develop and improve your data handling capacity. From online solutions to assist data management to the assessment of data handling policies for mobile applications, we enable you to confirm that you handle customer data in a sensitive, secure and compliant manner.