TrustCB works with the following licensed labs:

Licensed Lab Scope of lab license

Applus+

Ronda de la Font del Carme, s/n

E-08193 Bellaterra (Barcelona)

Spain

Applus+ (additional lab location)

Parque Empresarial Las Mercedes. C/ Campezo, 1. Edificio 3; 28022 Madrid

Spain

Point of Contact: Guillem Malagarriga

Email: [email protected]

Tel: +34 93 567 20 00

Web: itlabs.appluslaboratories.com/

LICENSED for:

TrustCB SESIP Scheme

PROVISIONALLY LICENSED for:

GSMA eSA

MIFARE

FeliCa™ Approval for Security and Trust (FAST)

ECSEC Laboratory Inc.

3-21 Kanda-Nishiki-cho

Chiyoda-ku, Tokyo, 101-0054

Japan

Point of Contact: Hiroshi HARIMA

Email: [email protected]

Tel: +81-3-5259-8064

Web: http://www.ecsec.jp/english/index.html

LICENSED for:

TrustCB SESIP Scheme

PROVISIONALLY LICENSED for:

FeliCa™ Approval for Security and Trust (FAST):
(Applet evaluation)

Riscure B.V.

Delftechpark 49

2628 XJ Delft

The Netherlands

Point of Contact: Pascal van Gimst

Email: [email protected]

Tel: +31 15 251 40 90

Web: www.riscure.com

LICENSED for:

TrustCB SESIP Scheme

GSMA eSA

Netherlands Scheme for Certification in the Area of IT Security (NSCIB)

FeliCa™ Approval for Security and Trust (FAST)

PROVISIONALLY LICENSED for:

MIFARE

Secura B.V.

Karspeldreef 8,

1101 CJ Amsterdam

The Netherlands

Point of Contact:

Email: [email protected]

Tel: +31 40 237 79 90

Web: http://www.secura.com

LICENSED for:

Netherlands Scheme for Certification in the Area of IT Security (NSCIB)

Serma Safety & Security

14, rue Galilée – CS10071

33608 Pessac

France

Point of Contact: Pierre-Marie MADEC

Email: [email protected]

Tel: +33 (0)5 33 20 65 17

Web: www.serma.com

LICENSED for:

MIFARE

TrustCB SESIP Scheme

FeliCa™ Approval for Security and Trust (FAST)

GSMA eSA

SGS Brightsight

Brassersplein 2

2612 CT Delft

The Netherlands

SGS Brightsight (additional lab location)

Parc Oficinas Sant Cugat Nord

Edifici A, Planta 2-B

Plaça Xavier Cugat, núm. 2

08174 Sant Cugat del Vallés (Barcelona)

Spain

SGS Brightsight (additional lab location)

Rue de la Belle du Canet

Arteparc Meyreuil – Immeuble F

13590 Meyreuil

France

Point of Contact:

Email: [email protected]

Tel: +31 15 269 25 00

Web: www.sgsbrightsight.com

LICENSED for:

TrustCB SESIP Scheme

MIFARE

Netherlands Scheme for Certification in the Area of IT Security (NSCIB)

FeliCa™ Approval for Security and Trust (FAST)

GSMA eSA

SGS Cybersecurity Services

Inffeldgasse 28

8010 Graz

Austria

Point of Contact: Raphael Spreitzer

Email: [email protected]

Tel: +43 664 882 105 84

Web: www.sgs.com/cybersecurity-services

LICENSED for:

TrustCB SESIP Scheme

TÜV Informationstechnik GmbH

Am TÜV 1

45307 Essen

Germany

Point of Contact: Marc Le Guin

Email: [email protected]

Tel: +49-201-8999-639

Web: https://www.tuvit.de/en

LICENSED for:

TrustCB SESIP Scheme

Netherlands Scheme for Certification in the Area of IT Security (NSCIB)

FeliCa™ Approval for Security and Trust (FAST)

PROVISIONALLY LICENSED for:

MIFARE

UL TS B.V.

De Heyderweg 2,

2314 XZ Leiden

The Netherlands

Point of Contact:

Email: [email protected]

Tel: +31 71 581 3636

Web: www.ul.com/services/common-criteria-certification-information-technology-it-security

LICENSED for:

Netherlands Scheme for Certification in the Area of IT Security (NSCIB)

TrustCB has provisionally licensed the following labs pending completion of a pilot evaluation to become a fully licensed lab:

Provisionally Licensed Lab Scope of Lab License

AN Security Pte Ltd

124 Geylang Lorong 23

#02-01 ArcSphere, 388405

Singapore

Point of Contact: Daryl Koh

Email: [email protected]

Tel: +65 98271864

Web: www.an-security.com

PROVISIONALLY LICENSED for:

TrustCB SESIP Scheme

TrustCB licenses each evaluation laboratory (lab) that it uses to conduct IT security evaluations under one or more of the schemes operated by TrustCB. To be licensed, a lab must meet the minimum lab requirements, as detailed here.

Minimum requirements of labs licensed by TrustCB:

  1. The lab shall have a suitable functioning quality system for the control of evaluation tasks. This can be demonstrated through ISO/IEC 17025 accreditation of the lab’s testing activities by the national accreditation council, with the appropriate scope (such as Common Criteria, ISO/IEC 15408, or ISO/IEC 18045).
  2. The lab shall employ staff who have demonstrable evaluation knowledge, general technical skills, IT skills, and knowledge of IT security evaluation (such as Common Criteria).
    While this is partially addressed through the ISO/IEC 17025 accreditation process, TrustCB has a responsibility to ensure that the evaluators employed by the lab have suitable knowledge of the evaluation criteria and methodology, as well as suitable testing skills for the technical domain in which they operate. Evaluators must have completed a recognised evaluator training course and passed the associated examination.
  3. The lab shall demonstrate suitable security of the organisation’s operations, staff, and processes in relation to evaluation activities.
    The lab shall document and apply security operating procedures to control the processes and the handling of evaluation materials (samples and evidence). The security operating procedures shall cover the handling and storage of physical items and the processing, exchange, and storage of electronic items. As such, the procedures must consider the physical location of the lab and the networks and computing equipment used within the lab and remotely.
  4. The lab shall demonstrate its ability to successfully complete an evaluation.
    The lab shall successfully complete a trial evaluation, as specified by TrustCB, applicable to the scheme(s) under which the lab chooses to operate.

Application

To apply to become a licensed lab, a candidate lab must submit a request to TrustCB. The request must include evidence that the lab is already mostly compliant with the requirements and the lab’s plan (including timing) for addressing the gaps in compliance. As such, and to avoid unnecessary delays in the licensing process, TrustCB highly recommends that the lab seek accreditation against ISO/IEC 17025 from its national accreditation council (such as the RvA in The Netherlands) to demonstrate the lab has a suitable functioning quality system.

TrustCB will review this request and associated evidence, and will respond with questions or an invoice for the lab licensing, together with a proposal for the lab audit.

At this point in the process, the lab cannot claim any licensing status beyond having applied to be licensed.

Audit and licensing fee(s)

Every year, including the year of application, the lab must pay the yearly license fee(s) and pass an audit for the schemes and technical domains for which the lab is (or is intended to be) licensed. Non-conformities need to be resolved in a timely manner, as determined solely by TrustCB, or the lab’s licensing will be revoked partly or completely.

Provisionally licensed

Once all aspects of requirements 1-3 have been confirmed by TrustCB, TrustCB will give the lab a “provisional license”. At this point, the lab can perform a trial evaluation to show compliance with requirement 4 for a specific scheme.

To users of the lab, “provisionally licensed” therefore reflects confidence in the lab’s technical competence to perform a trial evaluation, while full licensing is pending. Grey text is used in the above list of labs to indicate those labs that are provisionally licensed and/or hold a provisional license for a particular scheme.

Note that there is no time limit to how long a lab can stay in this “provisionally licensed” status, as long as the lab fulfils requirements 1-3, passes the yearly audit and pays the yearly licensing fee(s).

Licensed

Once the trial evaluation has successfully been completed and all aspects of requirements 1-4 have been confirmed by TrustCB, a lab will be (fully) “licensed” for that scheme. Bolded black text is used in the above list of labs to indicate licensed labs and the schemes for which the lab is licensed.

To users of the lab, “licensed” therefore reflects that at least once the lab has shown it can perform the necessary work and operate within the processes of the scheme.