Page 6 - Nemko - Annual performance - 2020
P. 6
Nemko Cyber Assurance –
Demonstrated Compliance
The Nemko Cyber journey The Nemko IoT scheme
In the beginning of 2020, Nemko acquired the Cyber security services consist for most
Arendal-based company System Sikkerhet AS, practical purposes of preventive and mitigating
an accredited Common Criteria laboratory. Their actions related to criminal activity. It is food for
certification body is SERTIT, controlled by the thought and fuels investment that the world-
Norwegian National Security Authority. wide cost of cybercrime is expected to reach
Since the acquisition, dedicated personnel in 6 Trillion US dollars in 2021. Cybercrime is not
Lysaker and Arendal have cooperated closely only larger than the global drug market, it also
through the drafting of schemes, building represents a threat against our civil societies,
of governance, qualification, competence for instance, harming critical infrastructure and
building and external recruitment. The result essential services. In light of the increasing
is the establishment of a global Nemko Cyber interactive capabilities of our customers’
Assurance service. The service will be offered products, cyber security is in the foreseeable
through hubs in Europe, North America and future a necessary concern for the design,
Asia. manufacture and distribution of electrical
products and components and a natural
The service portfolio consists of Common addition to the Nemko service portfolio.
Criteria evaluations leading to NSM certification,
IoT certification and security advisory services. Meeting IoT cyber security requirements is now
The cyber certification program for IoT products mandatory in many countries, even though only
was developed mid 2020. It is based on the a few require the involvement of third parties
new ETSI/EN standard 303 645 and the ISO or certification. Cyber requirements are no
guidance for development of certification longer just a “nice to have”. One example is the
schemes. End 2020, the first IoT certificate was EU, where IoT-related cyber requirements are
issued after a successful pilot project. already an integral part of Community sector
legislation within the field of data protection
(GDPR).
In a global market where products are sold
worldwide, it is necessary to meet mandatory
requirements wherever they may be found, and
to document compliance when necessary. A
need for documentation may arise for instance,
in case of public procurement processes,
customer complaints, litigation, recourse
actions from insurers, as well as requests from
national customs and market surveillance
authorities. As the nature and extent of the
requirements vary from one country to another,
4