SGS Digital Trust Services

Increasing connectivity of equipment, systems and applications in cyber-physical networks creates risks to data and integrity. The targets of cyber attacks vary, from PCs and smart phones, smart meters and smart home solutions, to cars with internet capabilities. The effects can be devastating for your data and/or functionality.

“Independence plays an important role in increasing trust in the security of organizations, products and services. As cybersecurity levels cannot be tested and verified by the end user or the consumer, third party certification can meet this need in a most reliable manner.”

Cybercrime is focused on industries such as the automotive sector, electronics and software, as well as mechanical engineering and critical infrastructure with its automation and industrial control systems (ICS). The connectivity of previously isolated products or systems presents a new range of vulnerabilities and related cyber security challenges. Experience has demonstrated that many of these products and systems, and their components, often have inadequate protection in the event of a cyber attack. 

SGS can help customers to understand their own infrastructure gaps, test products, components and subcomponents, certify services and management systems, and deliver training and professional certifications. All of this with the benefit of partnership with an internationally recognized independent third party, able to bring trust, both internally and externally.

We are at the forefront of future legislation and standardization, participating in expert groups and global task forces, in all markets and sectors, thus delivering the added value of a global understanding of the state-of-the-art to our customers.

SGS Cyberlabs

The Cyberlab is SGS’s solution to the challenges of IT security. Within our Cyberlabs, we can help and support customers all over the world, in a consistent and standardized manner, 24/7/365.

Inside these state-of-the-art facilities, SGS can deliver services to help customers to understand the challenges they are facing in the digital economy, focusing on four main areas:

  • Product Testing: Certification and testing capacities for products (hardware or software), devices, components and subcomponents
  • IT Systems Assessment: For networks and IT systems, including the SOC services
  • Management Systems, Services and Professional Certification: Certification and training activities for organizations, services and people
  • Data Integrity: Validation of data veracity and trust in the data chain of custody

Product Testing

As the largest operator of independent testing labs, SGS delivers services globally with a focus on key customer questions such as time to market, global approach, independence, transparency and confidentiality. In addition, SGS is the only service provider that does not engage in consultancy or development programs with its customers’ potential competitors.

Our range of services includes:

  • Common Criteria Testing
  • IEC 62443 Industrial Cybersecurity
  • FIPS
  • SAE J3061 Automotive Cybersecurity
  • IEC 62351 Smart Grid

Network mapping and assessment

For any IT infrastructure, one of the first challenges is to have a good understanding of its extent and the level of security. This kind of challenge is also present in web applications, Industrial Control Systems (SCADA) and even mobile applications. SGS Cyberlabs have developed a set of predefined solutions to address those questions that any IT or IT security manager wants answered. Easy to access, and marketed through either the SGS re-seller program or the SGS web marketplace, every solution has been designed to be implemented on any network or application. The solutions are:

  • NMA Package: The SGS network assessment conducts an independent security assessment of the most relevant points in any network. The service is delivered remotely and can be deployed over any infrastructure with little to no intervention from the client's personnel. The assessment creates a comprehensive mapping of the actual infrastructure to help the client understand what they are facing, and then looks for network vulnerabilities
  • WVA Package: The Web Application Vulnerability Assessment checks remotely for security flaws in web applications which could lead to data loss. Clients' key web applications are exposed to the threats of the internet and local networks/intranets. Checks are conducted against the minimum requirements of the OWASP standard’s top 10 web application vulnerabilities
  • SMA Package: The SGS SCADA network assessment focuses on PLCs and process controls and any access to the system (either physical or remote) by using the same basic methodology as that of the SGS Network Assessment

SGS solutions, using advanced AI, can carry out assessments, mostly automated, by comparing customer settings and architecture to previous versions to get a deeper understanding of vulnerability, and a rating of the company network. This can then be benchmarked against other assessments, and the average of the client’s industry/sector.

Penetration testing

The SGS Cyberlabs can deliver advanced services to check the maturity level of a customer's network, systems, applications and even mobile systems.

Penetration testing is typically delivered after an SGS Network Mapping and Assessment. The results mean customers are able to understand not only the fix being applied to their networks to resolve vulnerabilities detected, but also whether their applications or web services have the required resilience against cyber criminals.

To do so, SGS delivers the following services:

  • External Penetration Test (EPT): An independent verification of the client's internet gateways and infrastructure
  • Web Applications Penetration Test (WPT): Focusing on a web application, either external or internal
  • Mobile Application Penetration Test (MPT): For mobile applications

Security operations center

Inside their facilities, SGS Cyberlabs have powerful security operations centers that are designed to become the focal point of the company's response to cyber threats to its clients. Increasingly, SGS customers are concerned about the static nature of any penetration testing exercise, and are requiring more 'live' monitoring services. SGS has developed a solution that helps a company to regain control over its networks and system activities, and to be able to deploy a consistent response in the event of a security incident.

The SGS solution is organised into three levels:

  • SOC Level I: External Perimeter Monitoring. On level I, the service focuses on permanent monitoring of a company's IT infrastructure perimeter
  • SOC Level II: External and Internal Monitoring. On level II, SGS monitors not only the perimeter of the infrastructure, but also its internal flows, to detect internal and persistent threats. On levels I and II, SGS reports incidents to the client's IT department to take action and to follow up on any attack or threat. Levels I and II are focused on surveillance of the client's infrastructure, but not on taking any action
  • SOC Level III: Incident Response Team. On level III, SGS is able, by following the client’s predefined preferences, to react and to effect the actions to be taken against external or internal attacks. This is achieved by delivering a flexible reaction to the event that can be escalated from a simple closing of ports and shutdown of services, to a reaction to and follow-up on external attack sources

Service and management system certifications

In the field of information technology, SGS has been taking the lead to provide enterprises with an array of IT certifications. SGS was one of the first batch of certified organizations to provide ISO 20000 and ISO/IEC 27001 certifications and the first organization to be certified to provide auditing from both CSA STAR Certification and Euro Cloud. SGS is also one of the first batch of certified organizations to bring ECSA auditing training to China. Initiatives such as the Seal of Cybersecurity, where SGS was the launching certification body, or the new IEC 62443 series, demonstrate SGS's position as a global leader for services management systems certification, with a global presence, and with the added benefit of being able to integrate certification audits across multiple management systems.

Real-time upgrades, software on demand, resource and data sharing, as well as rapid scalability, data backup and business recovery; cloud services offer new features that sound fantastic. But what reassurances can service providers offer that the platform, storage and software offered actually work as they should? Customers want to be certain that the service levels and security controls offered meet not just your clients' organizational needs, but also that they comply with legislative requests, contractual requirements and relevant internationally accepted cloud standards. To meet the growing needs of cloud service providers, and help them to build trust into their relationships, SGS offers third party certification assurance services. This independent assessment means you can demonstrate to clients that your cloud services meet appropriate service standards across a range of criteria, for example, data protection, security, environment, infrastructure, applications and compatibility.

Training and professional certification services

As the global leader in professional training, we offer worldwide centers of excellence, providing the very best learning and development solutions customized to your exact needs. We have a proven track record, delivering public, in-house and online courses for the world's largest companies and government organizations. Plus, with expert trainers that are experienced practitioners in their field, our training moves beyond theory, giving you valuable real-world insights. As a result, you can trust us to provide high-quality consistent training and development at every level of your organization – anywhere in the world. Whatever the industry, whatever the subject, SGS Academy can devise a training plan to meet the professional certification needs of clients, wherever they are based.

Data integrity and veracity services

In a digital economy, one of the most valuable assets is data. The need to trust in data (its veracity), as well as to demonstrate proper handling (privacy) and intactness (integrity) is key for organizations. The ability to detect, withstand, respond to and recover from attacks or security breaches is a cornerstone for business continuity. SGS is the perfect partner to help customers to build, develop and improve their data handling capacity. From online solutions to assist customer data management, such as GDPRonline, to the assessment of data handling policies for mobile applications, SGS can help organizations to demonstrate how they handle their customers' data in a sensitive, secure and compliant manner.