Trust in information technology can only be created if the security of data can be relied upon. This can be confirmed, for example, by an independent audit.
The Federal Office for Information Security (BSI) has, among other things, the task of performing certifications of information technology products, components or systems [IT security certification]. For this purpose, the BSI operates certification programmes in which the rules, the procedure and the management for carrying out the certification are specified and described.
Within the scope of a type test, product certification confirms that a product version fulfils certain functional and security characteristics specified in protection profiles, security specifications or technical guidelines. The certification is carried out at the request of the manufacturer or a distributor. Prerequisite for certification is a test according to the criteria published in the certification programme [VB Products]. As a rule, the test is performed by a BSI-recognised testing body and, with the aim of comparability, is accompanied by employees of the certification body. This three-party principle ensures the independence of the procedure. The result of the procedure is recorded in a certification report. This includes, among other things, the safety certificate (summary evaluation) and the detailed certification report. This contains the safety-related description of the certified product, the details of the evaluation and instructions for the user.
The certificates and certification reports issued are published by the certification body - provided the applicant agrees to this. The certificates are mutually recognised under the conditions defined in international and European agreements.