Process in which the safety of a product or system is contrasted according to certain criteria or regulations.
Confirmation of the results of the assessment by which the product or system has the ability to protect the information at the declared security level.
Level of security of ICT products is certified, either software or hardware and in accordance with the Scheme regulations: ITSEC, Common Criteria, ISO15408/ISO18045 and ISO19790/ISO24759.
The Certification Process, as an administrative process between the applicant and the CCN, is free. Although according to the Regulation a fee could be charged for the issuing of the Certification, the Body of Certification hasn't charged for it so far.
The task of evaluation of the laboratory has a cost, that ends with the issuing of a Technical Evaluation Report and which is regulated by a contract between the applicant and the laboratory.
It depends on many factors and many actors:
- Complexity of the product
- Level of evaluation
- Scope of work of the laboratory and the Body of Certification
- Availability of the product and the documentation required for the evaluation and capability of the applicant to solve problems during the evaluation process
- More information
The certificate obtained according to the Common Criteria is restricted by all countries which signed the CCRA (www.commoncriteriaportal.org) and it cannot expire as long as the conditions under which it was awarded are still being met. Likewise, any certificate issued by an authorised CCRA agreement country is recognised by Spain. In both cases, the recognition is only valid up to EAL2.
The Certification Body has the power, as stated in Order PRE/2740/2007, of 19 September, to accredit those laboratories that wish to evaluate the functional security of Information Technologies.



