FAQ

  • What is Evaluation?

Process in which the safety of a product or system is contrasted according to certain criteria or regulations.

  • What is Certification?

Confirmation of the results of the assessment by which the product or system has the ability to protect the information at the declared security level.

  •  What kinds of products are certified in this Scheme?

Level of security of ICT products is certified, either software or hardware and in accordance with the Scheme regulations: ITSEC, Common Criteria, ISO15408/ISO18045 and ISO19790/ISO24759.

  • Which is the cost of certifying a product?

The Certification Process, as an administrative process between the applicant and the CCN, is free. Although according to the Regulation a fee could be charged for the issuing of the Certification, the Body of Certification hasn't charged for it so far.

The task of evaluation of the laboratory has a cost, that ends with the issuing of a Technical Evaluation Report and which is regulated by a contract between the applicant and the laboratory.

  •  How long does it take to certify a product?

It depends on many aspects and actors:

    • Complexity of the product
    • Level of evaluation
    • Scope of work of the laboratory and the Body of Certification
    • Availability of the product and the documentation required for the evaluation and capability of the applicant to solve problems during the evaluation process
    • More information
  • Certification's validity

The certificate obtained according to the Common Criteria is restricted by all countries which signed the CCRA (www.commoncriteriaportal.org) and it cannot expire as long as the conditions under which it was awarded are still being met. Likewise, any certificate issued by an authorised CCRA agreement country is recognised by Spain. In both cases, the recognition is only valid up to EAL2.

  • Laboratories accreditation

The Certification Body has the power, as stated in Order PRE/2740/2007, of 19 September, to accredit those laboratories that wish to evaluate the functional security of Information Technologies.