Product development at Advenica differs from traditional development work. Our customers require us be able to vouch for and demonstrate that our solutions are safe and offer high assurance. This can only be achieved if all work is performed under strong security protection and by instilling confidence in our solutions. In other words, that they can be evaluated.
The degree of assurance you need influences the amount of proprietary hardware in our solutions. We start development work by formulating a security target. This is where we map out all security issues our solution should manage. Based on this we identify the requirements on products, security and assurance. These requirements follow the solution throughout its lifecycle.
Once we have developed and delivered a solution we have a commitment to monitor the external environment for published vulnerabilities that may affect the security of the solution. If we detect any incident, we manage it through contacts with yourselves to develop an action plan that reduces or removes the effects of the incident.
High requirements on security mean we develop and produce vital parts of solutions in-house. This way we can ensure IT security protection of the development and production environments, perimeter security of our premises and the availability of reliable staff.
Normally we perform final assembly ourselves in our offices with our own personnel and under strict security.
We use different methods to demonstrate the security of our solutions. One is to allow a third party to review our solution and offer their opinion on security, which is how Common Criteria works.
Another method is for you to audit our solution to form your own opinion of the assurance and level of security we offer. Or you can access our own security analysis of the solution.
You take responsibility for all matters regarding management and use of the security protection system after a controlled delivery.
We include clear recommendations to make this process easy.
As security should not be trivialised we believe it is important for us to train your personnel. The interactivity that occurs during the training program ensures both parties that the security of the solution will be well managed.
Maintaining security systems can be a challenge, but not necessarily so.
As part of Advenica’s high assurance approach and long-term commitment, we today provide detailed threat intelligence for products towards National Security customers. This means we continuously review external factors that may impact the requirements to maintain the right level of information security, for instance legal requirements, new types of threats, current events or issue that potentially could have an impact on solutions.
Threat intelligence for Advenica products can be included in a support agreement.