The accreditation by the Certification Bodyinitially requires the verification of its technical competence, in accordance with UNE-EN 17025 standard, by a recognized Entity of Authorization, such as ENAC. The Certification Body expects the fulfilment of the following requirements in order to authorise IT Security Evaluation Laboratories:
- The ability to evaluate the security of information technologies products. This ability is verified through the accreditation of their technical competence, the extent of which includes evaluation criteria, methods and standards.
- Fulfilment of the requirements for Security Management established by Chapter III. Accreditation requirements included in the Regulation on Security Evaluation and Certification of Information Technologies Regulation.
- Development of evaluations in accordance with the procedures that contain information and coordination obligations, towards the Certification Body, specified in Chapter III.
The fulfilment of these requirements is verified through the audit and monitoring procedures described in Chapter IV. In any case, the extent of the accreditation issued by the Certification Body is limited by the technical competence of the laboratory and is qualified according to its security level.