Wide portfolio of cybersecurity services available worldwide
Cyber-attacks are becoming more aggressive and complex. This is not limited to attacks on big business; it is a growing concern within the Industrial IoT as well as the Consumer IoT markets. The number of connected devices also continues to grow, with estimates of around 50 billion connected things by 2020.
In line with this growing trend of ubiquitous connectivity leading to increased safety and security risks, governments around the world are implementing regulations to enhance the cyber resilience of their Member States.
EU Cybersecurity Act
The EU Cybersecurity Act was published on 7 June 2019 to address existing fragmentation in the certification landscape, reduce costs and administrative burdens for companies, and strengthen the digital single market.
Bureau Veritas is also a member of Eurosmart, known as the voice of the digital security industry, which has developed a Certification Scheme for IoT devices based on the EU Cybersecurity Act.
Additionally, standards bodies around the world and many organizations, such as the IoT Security Foundation (IoTSF) and GSMA, continue to issue best practice guidance and standards, including the cybersecurity standard for consumer Internet of Things recently published by ETSI, the European Telecommunications Standards Institute, and launched in February 2019 (ETSI TS 103 645).
Bureau Veritas Solution
With this increasing pace in adoption of connected devices, continued rise in frequency and targets of cyber-attacks and the various impending cybersecurity regulations and guidelines published around the world, Bureau Veritas continues to evolve its Product Cybersecurity Test Suite.
Everyday vulnerabilities in IoT are being exploited with malicious intent – yet the vast majority of them can be prevented simply and cost-effectively through Bureau Veritas services.
- Bureau Veritas' Automated Product Test (P-Scan): Applicable to wireless-enabled products integrating three of the major wireless technologies impacting smart automation and consumer IoT products: Bluetooth®, Wi-Fi® and Zigbee. Wireless device buyers and manufacturers can now assess their products against all known vulnerabilities. Literally in a matter of days, and at low cost compared to many of the established incumbent schemes, a wireless device can be assessed for its resilience against all known cyber-attacks, providing confidence to the end user and the company that due diligence has been carried out. Bureau Veritas' service also includes technical support services, including training and workshops on cybersecurity. This helps Bureau Veritas' clients not only prepare for the requirements of the various cybersecurity regulations and standards, but also implement best practice approaches in the assessment of the resilience of their products.
- National/Industry Requirements: On top of this innovative Cybersecurity Service, Bureau Veritas has labs worldwide that are accredited to perform security testing and certification solutions, including its TAF-accredited lab in Taiwan and CTIA-accredited lab in the USA.
- USA State Requirements: New privacy regulations continue to be published and enforced:
  - The California Consumer Privacy Act (CCPA), which requires businesses to provide reasonable security measures when handling personal information, take steps to protect this information, and dispose of it when it is no longer necessary.
  - Nevada's SB220, which prohibits operators of websites or online services from selling certain information if directed by the consumer not to sell it.
  - Bureau Veritas offers evaluation of these characteristics, employing principles from the NIST Privacy Framework to determine compliance.
- Payment Security: Bureau Veritas ICTK in Korea also provides a full range of payment transaction security solutions against NFC, EMVCo and Visa/Discover requirements.
- Management System Certification: A family of guidance and management standards helps secure the confidentiality of your company's information:
ISO 27001: Information Security Management System
ISO 27001 heads a family of information security standards that provide comprehensive guidance and support to systematically understand your information security risks and vulnerabilities. By implementing ISO 27001, you can apply rigorous information security methodologies, reducing risks and safeguarding against security breaches.
ISO 27017: Information security for cloud services
ISO 27017 is an international code of practice for cloud-based information that establishes clear controls for information security risks. For cloud-service providers already certified to ISO 27001, ISO 27017 is a complementary standard that helps reassure clients of their information safety.
Bureau Veritas’ GDPR / Data Protection Technical Standard
Compliance with GDPR requires a holistic approach to data protection that considers the complete life cycle of personal data. Bureau Veritas’ Data Protection Certification Scheme’s Technical Standard can help companies devise and implement policies to comply with GDPR and equivalent regulations outside the EU.
TISAX: the world’s leading automotive information security management standard
TISAX is globally recognized, and is required to do business with all major German automotive players. All automotive suppliers and service providers who process sensitive information should use TISAX to meet consumer and regulatory information security requirements.