Scope of Action
The OC's scope includes public or private entities who wish to function as evaluation laboratories for ICT security, as well as public or private entities manufacturers of ICT systems or products who wish to certify the security of these products or systems, as long as these products or systems can be included in the CCN's scope.
The Certification Body licenses laboratories based on the compliance of the requirements laid out in the Third Title, and in accordance with the procedure established in the Fourth Title of the IT security evaluation and certification regulations, approved by ORDEN PRE/2740/2007, 19 September.
The Certification Body certifies the security of information technology products in accordance with the procedure established in the Fifth Title, and following the evaluation standards, criteria and methodology listed in the Sixth Title of the cited IT security evaluation and certification regulations.
In addition, the Certification Body is accredited by the Entidad Nacional de Acreditación, in accordance with the requirements laid out in the standard UNE-EN ISO/IEC 17065 for product certification.