The SERTIT certification process consists of seven steps.
Sponsor: Finances the certification, is responsible for ensuring that the requirements for certification are met, and is SERTIT's customer
Developer: Develops the product and implements the certification requirements
ITSEF: Carries out the evaluation by examination and testing and reports to SERTIT
Certification body: Supervises the evaluation and issues a certificate
The developer and sponsor make an agreement on evaluation.
In addition to the design of the product with associated documentation, the implementation of current security and assurance requirements in the product must be set out in a document called Security Target (ST). The document Protection Profile (PP or cPP) describes security and assurance requirements for, for example, a technology area, which can serve as a guide for developers or set as requirements from procuring authorities.
The Sponsor obtains offers for evaluation from the licensed ITSEF in the scheme and enters into an agreement on evaluation with an ITSEF.
The ITSEF notifies SERTIT in accordance with established procedures of an impending security evaluation that is to be implemented.
The Sponsor submits an application for certification to SERTIT.
The Developer and Sponsor make requisite agreements on information sharing. The Developer accordingly makes product and product documentation available to the ITSEF.
The evaluation formally starts as soon as SERTIT has approved the project. It is important to ensure that the parties know the current framework for evaluation and certification. The sponsor and the certification authority are continuously provided with observation reports from the evaluation. SERTIT continuously monitors the work along the way. When all steps in the evaluation have been completed and all outstanding actions have been resolved, SERTIT receives a technical evaluation report.
The technical evaluation report and other documents and observations form the basis for the last step in the process; the certification phase. SERTIT evaluates the evaluation report and examines whether the evidence for the conclusions is sufficient and consistent. If everything is found to be in order, it provides a basis for issuing a certificate (C) and certification report (CR).