IDA's Common Criteria plan gets a boost

13.06.2005
By Ee Sze

Security technology company PatchLink Corp., which recently launched its Asia Pacific headquarters in Singapore, is planning to have Common Criteria (CC) testing of its products carried out here.

The CC is an international standard (ISO 15408) for computer security. The announcement dovetails with the Infocomm Development Authority of Singapore's (IDA) stated ambition under its Infocomm Security Masterplan to establish a CC certification scheme which will allow certification to be done here.

PatchLink, which provides security patch, vulnerability and compliancy management software, is working towards EAL 3 certification for its products through T-Systems in Singapore, said Neal Gemassmer, vice president, Asia Pacific, PatchLink. T-Systems is one of the evaluators for CC in the Asia Pacific.

As part of the certification process, an evaluation lab tests the candidate's product against the vendor's Security Target documentation to ensure that it fulfills the security levels specified in the documentation. In deciding to do CC testing here, Gemassmer said Singapore's infrastructure and its commitment to infocomm security, as well as strong local partners such as T-Systems, were an important part of its evaluation criteria.

Sean Moshir, chief executive officer and founder of PatchLink, added, "Singapore is a sweet spot to test and certify products given the use of CC certification as a global evaluation benchmark in governments and increasingly, in organizations."

According to an IDA spokesman, by virtue of the CC Recognition Arrangement (CCRA), the CC certification done in Singapore will be recognized by the National Information Assurance Partnership (NIAP), a US government initiative involving the National Institute of Standards and Technology and the National Security Agency.

PatchLink's moves in Singapore are part of the company's expansion and investment plan for the Asia Pacific region. Singapore will be a regional hub to increase support and provide greater access to PatchLink's Professional Services, certification, and training.

The company recently announced PatchLink Security Academy, a vendor-based patch and vulnerability management training and certification program available to IT professionals globally. The courses offered include PatchLink Update Operator, PatchLink Update Administrator, and PatchLink Update Engineer.

"Asia Pacific is a strategic component of our global vision and a key region for growth," said Moshir, adding that the demand for security solutions in the region has been fueled by the prevalence of IP and high mobile device usage.

PatchLink's security software is designed for rapid enterprise-wide assessment and deployment of critical security patches and system configurations for a broad range of supported vendor software and hardware types, together with end-point quarantine management.

According to Moshir, Asia Pacific is expected to account for about 5-10 per cent of PatchLink's business this year. The percentage is expected to grow to 15-20 per cent next year, and to over 25 per cent by 2007.