TrustCB works with the following licensed labs:

Licensed Lab Scope of lab license

Brightsight B.V.

Brasserplein 2

2616 CT Delft

The Netherlands

Point of Contact: Adjay Gopie

Email: [email protected]

Tel: +31 15 269 25 14

Web: www.brightsight.com

SESIP

MIFARE

Riscure B.V.

Delftechpark 49

2628 XJ Delft

The Netherlands

Point of Contact: Pascal van Gimst

Email: [email protected]

Tel: +31 15 251 40 90

Web: www.riscure.com

PROVISIONALLY LICENSED for:

SESIP

MIFARE

Applus+

Ronda de la Font del Carme, s/n

E-08193 Bellaterra (Barcelona)

Spain

Point of Contact: Guillem Malagarriga

Email: [email protected]

Tel: +34 93 567 20 00

Web: https://itlabs.appluslaboratories.com/

PROVISIONALLY LICENSED for:

SESIP

MIFARE

SRC Security Research & Consulting GmbH

Emil-Nolde-Str. 7

D-53113 Bonn

Germany

Point of Contact: Detlef Kraus

Email: [email protected]

Tel: +49 228 2806 0

Web: https://www.src-gmbh.de

PROVISIONALLY LICENSED for:

SESIP

TrustCB licenses each evaluation laboratory (lab) that it uses to conduct IT security evaluations under one or more of the schemes operated by TrustCB. To be licensed, a lab must meet the minimum lab requirements, as detailed here.

Minimum requirements of labs licensed by TrustCB:

  1. The lab shall have a suitable functioning quality system for the control of evaluation tasks. This can be demonstrated through ISO/IEC 17025 accreditation by the national accreditation council of the lab testing activities with the appropriate scope (such as Common Criteria, ISO/IEC 15408, or ISO/IEC 18045).
  1. The lab shall employ staff who have demonstrable evaluation knowledge, general technical skills, IT skills, and knowledge of IT security evaluation (such as Common Criteria). While this is partially addressed through the ISO/IEC 17025 accreditation process, TrustCB has a responsibility to ensure that the evaluators employed by the lab have suitable knowledge of the evaluation criteria and methodology, as well as suitable testing skills for the technical domain in which they operate. Evaluators must have completed a recognised evaluator training course and passed the associated examination.
  1. The lab shall demonstrate suitable security of the organisation’s operations, staff, and processes in relation to evaluation activities. The lab shall document and apply security operating procedures to control the processes and the handling of evaluation materials (samples and evidence). The security operating procedures shall cover the handling and storage of physical items and the processing, exchange, and storage of electronic items. As such, the procedures must consider the physical location of the lab and the networks and computing equipment used within the lab and remotely.
  1. The lab shall demonstrate its ability to complete an evaluation. The lab shall complete a trial evaluation, as specified by TrustCB, applicable to the scheme(s) under which the lab chooses to operate.

To become a licensed lab, the lab must submit a request to TrustCB, together with the following:

To avoid unnecessary delay in the licensing process and to ensure the lab has a suitable functioning quality system, TrustCB highly recommends that the lab seeks accreditation against ISO/IEC17025 from its national accreditation council (such as the RvA in The Netherlands).