SPIguard Certification
Industry and regulatory agencies increasingly require businesses to meet published security standards. It is important for businesses, and their clients, to know that their applications are secure. While you can conduct a penetration test of your applications, that alone cannot provide assurance that they are secure. The only way to actually ensure security is to have a good application development and deployment program.
Defining what makes a good secure application development and deployment program can be subjective. SPIguard has taken its experience performing penetration tests and compliance assessments and come up with a certification service that ensures consistency and accuracy across platforms and architectures.
SPIguard Certified™ Service
The SPIguard Certified™ service verifies that your applications have been thoroughly tested and that you also have a secure application development methodology. Our expert security consultants will review your development and deployment processes to ensure that they meet certification requirements. We will then test your applications and the deployed environment to identify any potential weaknesses. We will also work with you to address gaps and weaknesses and suggest solutions. Once all the requirements are met, SPIguard will issue a certificate.
Who Is This For?
SPIguard certification is ideal for applications that handle sensitive data but do not fall under any other certification requirements such as PA-DSS. It is also for organizations that need assurance, or need to show their clients, that their applications are secure.
Certification Process
SPIguard has a very thorough methodology that follows industry-standard practices. We have created detailed checklists of what to look for and how to verify that applications meet requirements.
Step 1: Preparation
- Evaluate operations to determine areas in scope for certification
- Identify and classify sensitive data and areas
Step 2: Review
- Compare policies and procedures against industry standards
- Identify gaps and weaknesses
- Provide report on gaps and recommend steps for remediation
Step 3: Verify & Report
- Verify implemented practices against documented policies and procedures
- Test applications and network for vulnerabilities
- Provide report on gaps and vulnerabilities
- Recommend and prioritize remediation activities
Step 4: Verify Remediation
- Test applications and network to verify remediation
- Recommend and prioritize remediation activities
What Does It Mean?
Having the SPIguard Certified™ certification shows your clients and business partners that you have done your due diligence to make and keep your applications secure. It shows that you have secure application development and deployment processes.