3 Step Approach for Manufacturers

SGS BG

A structured approach to developing and raising security maturity levels.

Cybersecurity and the development and maintenance of secure digital solutions are new for many companies. The required capabilities and skills are often simply not there. Therefore, manufacturers and other stakeholders along the supply chain and the product life cycle need to develop and raise the security maturity level of their processes and solutions. The same holds true for the skill set of their employees.

Our 3-step approach for manufacturers:

  1. Improves understanding of their needs and gaps, taking into account how secure digital solutions need to be developed and maintained
  2. Develops a roadmap to increase the security maturity level of processes, employees and products
  3. Offers independent validation that they did the job right, once they achieve the targeted maturity levels

Step 1 – Analyze Gaps

Understand the security maturity level of your:

  • Products
  • Development and life cycle processes
  • Employees

Our services help you to understand what it takes to develop and maintain secure digital solutions and what gaps you have to close. Our gap analysis reports allow you to define next steps.

  • Basic awareness and introductory cybersecurity training adapted to your industry (1 day training activity)
  • Security quickscan for a dedicated target product and the applied development and product life cycle processes (2-3 day activity in workshop mode)
  • Formal and detailed Secure Development Life Cycle (SDLC) assessment according to BSIMM or OWASP methodologies

Step 2 – Raise the Security Maturity Level

Raise the security maturity level of your company by:

  • Understanding how to set up and take action to implement a secure development and product life cycle (SDLC)
  • Familiarizing yourself with best practice and ‘security by design’
  • Training your team and onboarding dedicated cybersecurity experts
  • Developing a roadmap covering and closing all gaps identified

We have programs in place supporting you in setting up and executing required processes or dedicated process phases. We can perform security design reviews together with you to check the effectiveness of the measures taken and we can help you to improve the skill set of your employees. We do this through:

  • Customized support activities along the implementation of an SDLC process
  • Supervision services for first pilot projects helping you to properly execute the SDLC
  • Cybersecurity-related design reviews along the SDLC process
  • Professional and expert level trainings for cybersecurity-related aspects

Step 3 – Demonstrate Effectiveness

Demonstrate your progress on cybersecurity by:

  • Making internal and externally supported security assessments a standard procedure in your SDLC, allowing you to measure the quality and effectiveness of security measures
  • Using independent third-party security evaluation and certification, such as Common Criteria

Having established processes and a skilled team in place puts you in a position to develop and maintain adequately secure and robust digital solutions. Independent third-party attestation allows you to demonstrate the cybersecurity-related quality of your solutions. Amongst others, our comprehensive services cover:

  • Standardized or proprietary security assessment and testing campaigns resulting in detailed test reports
  • Evaluation and certification runs such as Common Criteria up to EAL7, or
  • SESIP for IoT solutions (in preparation)
