The value of information security: certification and approval by the BSI

Without information security, the digital transformation cannot be managed successfully in government or the economy. Yet the challenges facing government agencies and businesses in their efforts to provide clients with secure products and services are continually increasing. The BSI plays a leading role in this field.

Transparency and trust

An organisation can use a certificate to provide proof that a product or a service is fully compliant with a set of defined security requirements. An independent audit conducted by the BSI creates trust, and provides evidence of confidentiality, authenticity and availability. Accordingly, certification offers real value in terms of transparency in what is still a very heterogeneous market. Businesses and public authorities can also use certification as a highly visible method of advertising their commitment to secure solutions to business partners and customers, and thereby secure a competitive advantage in the market. Information security is a strategic decision - and a certificate underlines this commitment as part of both internal and external messaging. The BSI is able to apply its long experience in certification at national and international level.

Trust is good - but a certificate is better

In today's markets for products and services, secure solutions have never been in greater demand: certification is an effective approach for providers needing to ensure the secure digitalisation of their portfolio. In accordance with the BSI Act and the BSI Certification and Approval Ordinance, the BSI is tasked with performing certifications for information technology products or components and information technology systems. Certification programmes define rules in relation to scope or requirements, for example, and also describe how the certification is to be carried out. Depending on the volume of systems to be audited or the number of participating employees, the time taken to complete a certification process can be anywhere from three months to a year. One alternative here is Beschleunigte Sicherheitszertifizierung (BSZ, English: accelerated security certification), which is able to offer more manageable evaluation periods as well as fewer requirements for documentation. A certification process requires a high level of technical skills on the part of all participants. With over 1,000 certification procedures conducted to date, plus numerous standards and guidelines, BSI certification enjoys an enviable reputation.

Who needs which certificate?

Manufacturers or distributors can apply for a product certification. These certificates attest to the fulfilment of the internationally recognised Common Criteria or a Technical Guideline. Product certification confirms that a product version fulfils certain functional and security properties, which are specified in protection profiles, security targets or Technical Guidelines. With an ISO 27001 certificate, an organisation proves that its management system's level of information security conforms to IT-Grundschutz. Once certified, the organisation also advertises its successful implementation of the proven BSI method to external parties. The BSI also offers a wide range of services for personal certification: auditors for various specialist subjects, IS auditors and IT-Grundschutz consultants are just some of the types of certification in demand.
The BSI supplements its certification services with a number of approval programmes. Approval confirms an organisation's technical know-how and suitability within the requested application scope. Companies can become approved as a testing laboratory or provider of IT security services, for example, and so make an important contribution to information security in Germany.

Certified and networked

The BSI is the official certification body for Germany, and works together with national and international partners to improve cyber security at a global level. The BSI portfolio of certification and approval services for products, services and individuals is an important contribution to information security in Germany. When will YOU make the most of certification?