Insight Series: Adding value to certification with ISO 17065 accreditation
Following the announcement of GlobalPlatform becoming an ISO 17065 accredited certification body, Technical Director, Gil Bernabeu, discusses the value the accreditation will add to the connected device ecosystem.
As a global certification body that evaluates the security and functionality of digital services and devices, it is important that GlobalPlatform can display excellence in execution. The organization recently achieved accreditation* against ISO 17065, demonstrating that the processes in place for its three certification schemes – functional, secure element (SE) security and trusted execution environment (TEE) security – are verified against international standards.
The requirements for ISO 17065 are simple; a certification scheme must prove itself to be impartial, competent, confidential, open and consistent. This is not only important to GlobalPlatform, as it verifies the quality of our schemes and that they are being managed in the right way, but it is also important for our certified stakeholders, as ISO accreditation strengthens the value of the certifications achieved by their products.
Evolving cybersecurity requirements
Connected device types and regulatory practices are constantly evolving, and GlobalPlatform needs to be positioned to migrate alongside this ever-changing landscape. Achieving ISO 17065 accreditation positions GlobalPlatform for future challenges, making it agile to evolve its certifications as requirements change while enhancing its reputation with increased recognition.
Most cybersecurity requirements are trending towards an increasing focus on device manufacturers being able to show evidence their device is secure. Achieving certification from an accredited body provides a standardized way in which to do this, giving assurances to the manufacturer that the device will meet all the necessary regulations.
ISO 17065 accreditation enhances GlobalPlatform’s position as a market leader in certification. Furthermore, GlobalPlatform’s ability to adapt to geographic variations and the various discrepancies between different verticals means that it is positioned well to adapt to the changing demands of both regulators and vendors. This flexibility, coupled with the value added by ISO 17065, means that GlobalPlatform certification schemes give industry partners and other stakeholders confidence in their solutions.
What does this mean for device makers and vendors?
Buying purely on price and availability can expose users to avoidable risk. Certification is a benchmark for product quality; a map that leads you to reliable manufacturers. Certification by an ISO 17065 accredited Body provides tangible proof that products fulfil security or functional requirements, facilitating trust, confidence and collaboration between stakeholders.
Thanks to a proactive process of collaboration with both vendors and laboratories, the GlobalPlatform processes have been tailored to provide the best value for stakeholders throughout the ecosystem. The level and scope of the certification has been clearly defined to generate a clear marketing message, while the processes of evaluation have been optimized to minimize time and cost investments while maintaining the required levels of scrutiny.
GlobalPlatform’s unique position
Regulations demand that device manufacturers have a strong root of trust upon which a device’s secure services can be securely loaded. GlobalPlatform is uniquely positioned to be able to assist with this from multiple angles as it has been developing secure component technologies – SE, TEE, MCU – for many years, and there are over 62 billion GlobalPlatform secure components on the market today.
The ISO 17065 accredited certification schemes can work in tandem with the organization’s own technology to create secure solutions. These twin arms of the organization allow GlobalPlatform to both provide standardized secure technologies, but also help the ecosystem implement and demonstrate them through functional and security certification.
Secure components can be embedded into a device quickly and efficiently, without the need to design new security architectures. GlobalPlatform also supports the varied IoT ecosystem in determining the level of security a device requires. Additionally, by leveraging the principles of composition and reuse, components can be incorporated into a solution with the assurance that they are secure, based on previous certifications.
As a single entity that combines both the technological development and certification processes, GlobalPlatform offers device manufacturers a seamless path to creating and deploying secure solutions.
The need for collaboration
As certification schemes continue to evolve, certification bodies, regulators and industry partners must continue to collaborate. GlobalPlatform has worked alongside organizations in a range of technology focused industries, providing certification to EMVCo, FIDO Alliance and GSMA to name but a few. Through working alongside these organizations as well as a host of other partners, GlobalPlatform is supporting the development of both individual applications and parts, right through to final end-products. This collaboration facilitates the development of interoperable products and solutions by allowing device manufacturers to add applications to be certified on different verticals in a straight-forward process.
The ISO 17065 accreditation process is testament to this collaborative process as it highlights how GlobalPlatform’s member have come together to enhance the status of the organization, and in turn add value to the certifications that vendors achieve.
Watch the video below to learn more about ISO 17065, and read about the benefits of certification here.
*GlobalPlatform received the accreditation (number 5486.01) from the American Association for Laboratory Accreditation (A2LA) among the largest accreditation bodies in the world and the only independent, non-profit, internationally recognized accreditation body in the United States.