Development of secure solutions

Cybersecurity built of Swedish steel

Product development at Advenica differs from traditional development work. Our customers require us be able to vouch for and demonstrate that our solutions are safe and offer high assurance. This can only be achieved if all work is performed under strong security protection and by instilling confidence in our solutions. In other words, that they can be evaluated.

 

How we develop security

The degree of assurance you need influences the amount of proprietary hardware in our solutions. We start development work by formulating a Security Target. This is where we map out all security issues our solution should manage. Based on this we identify the requirements on products, security and assurance. These requirements follow the solution throughout its lifecycle.

Once we have developed and delivered a solution we have a commitment to monitor the external environment for published vulnerabilities that may affect the security of the solution. If we detect any incident we manage it through contacts with yourselves to develop an action plan that reduces or removes the effects of the incident.

 

How we produce security

High requirements on security mean we develop and produce vital parts of solutions in-house. This way we can ensure IT security protection of the development and production environments, perimeter security of our premises and the availability of reliable staff.

Normally we perform final assembly ourselves in our offices with our own personnel and under strict security.


How we provide security

We use different methods to demonstrate the security of our solutions. One is to allow a third party to review our solution and offer their opinion on security, which is how Common Criteria works.

Another method is for you to audit our solution to form your own opinion of the assurance and level of security we offer. Or you can access our own security analysis of the solution.

 

How we deliver security

You take responsibility for all matters regarding management and use of the security protection system after a controlled delivery.

We include clear recommendations to make this process easy.

As security should not be trivialized we believe it is important for us to train your personnel. The interactivity that occurs during the training program ensures both parties that the security of the solution will be well managed.