The inspection examines the information security features of the product or service in accordance with Traficom’s statement of compliance. The outcome of the testing is a comprehensive picture of the factors affecting the information security of the product or service. Annual reviews ensure continuous security.
The inspection starts after the initial discussions, which determine the scope and content of the object of the inspection. Based on these, a threat model and testing plan are drawn up, and Traficom reviews them before the actual inspection begins.
Content and duration of the inspection
The inspection covers the most common threats the product faces and protection against them. The inspection goes smoothly when the groundwork has been carried out properly, and the technical resources required for the applicant’s inspection are readily available. A carefully completed statement of compliance and comprehensive information about the operation and technical implementation of the product or service accelerate the inspection.
The workload of the inspection varies, depending on how complex and challenging the product is. The inspection duration is case-specific, varying from 5 to 20 working days. The company’s readiness to provide information during the inspection greatly affects the duration.
The cost of an inspection depends on the required workload and the information security company’s prices. Information security companies decide on their pricing independently. However, Traficom reviews the threat model and testing plan before starting the process.
The company itself selects an external information security company as the inspection body, and Traficom approves the testing plan and results. Various information security companies carry out inspections.
Would you like to undertake a Cybersecurity Label inspections? Contact us by email firstname.lastname@example.org