Intertek provides complete Cybersecurity Certifications, Assurance, Testing and Inspection services assuring your product is cyber secure.
The Road to Successful Cybersecurity Certification: We recognize that product certifications are business enablers for our customers. As a result, we aim to not only certify your products, but do so in an efficient, time and cost-effective manner. Intertek has the right philosophical approach as well as the right expertise to position vendors to best meet challenging government cybersecurity certifications.
AMER Region
Argentina
General IoT
General IoT
- Argentine Data Protection Act no. 25326 (PDPA)
- Argentine Central Bank issued regulation: Communication BCRA 6354 as amended by 6375
Brazil
General IoT
General IoT
- Brazilian Internet Law (Law no. 12,965/2014)
- Regulatory Decree (no. 8.771/2016)
- Brazilian Data Protection Law (August 2020)
- National Data Protection Authority (Law no. 13.853/2019)"
- Central Bank of Brazil Resolution No. 4.658/2018 (December 2021)
- There are no cybersecurity specific laws for telecom in Brazil, though the country is discussing a National Cybersecurity Plan in Congress
- The most up-to-date regulation that is most closely applicable would be: Decree 8771/2016
Canada
General IoT
General IoT
- National Cybersecurity Strategy
- CyberSecure Canada Certification Program
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
- Health Canada published guidance on pre-market requirements for medical device cybersecurity applying to all risk classes
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
- Bank of Canada's Cybersecurity Strategy 2019-2021
- Motor Vehicle Safety Act (MVSA)
- Strengthening Motor Vehicle Safety for Canadians Act (March 2018)
Untied States
General IoT
General IoT
- California SB327 (Jan 2020)
- Oregon law (Jan 2020)
- NIST Small Business Cybersecurity Bill (Jun 2018)
- NIST Framework for Improving Critical Infrastructure Cybersecurity Verion 1.1 (Apr 2018)
- FDA [Guidance extract]
- Gov requirements (S.734 - Internet of Things Cybersecurity Improvement Act of 2019)
- [? FIPS ?]
- US FSSCC Financial Services Sector Cybersecuri-ty Profile Overview and User Guide (Oct 2018)
- New York Cybersecurity Requirements for Financial Services Companies (Mar 2017)
- CTIA [Not currently mandatory]
- USDOT recommends adopting NIST standards.
EMEA Region
European Union
General IoT
General IoT
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- EC IACS Cyersecurity Certification Frame-work (ICCF) (April 2018)
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- EU's medical technology trade association issued new recommendations and encour-ages the adoption of the EU's new Manufacturer Disclosure Statement for Medical Device Security (MDS2) form
- NIS DIrective (EU) 2016/1148
- MDR Regulation (EU) 2017/745
- IVDR Regulation (EU) 2017/746
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- ENISA recommends manufacturers incorporate cybersecurity into the design of smart car security measures
France
General IoT
General IoT
- National Digital Security Strategy (Oct 2015)
Germany
Medical Devices
Medical Devices
- German Cybersecurity Requirements for Network-connected Medical Devices
- BaFin Specifies BAIT (Feb 2018)
- BaFin consultation on Circular or bank regulato-ry requirements for IT Systems (March 2017)
- DRAFT: German IT Security Act 2.0 (IT-SiG, 2.0)
- German Federal Office for Information Security Act (Aug 2009)
Russia
Financial/Bank
Financial/Bank
- CBR Central Bank of Russia Standard for Maintenance of Information Security of the Russian Banking System Organizations - General Provisions (Jun 2014)
- Russian Banking system standard on information security maintenance (Apr 2014)
- CBR Standard for Information Security of Russian Banking Insitutions Information Security Audit (May 2007)
Saudi Arabia
General IoT
General IoT
- Essential Cybersecurity Controls (ECC - 1:2018) Standard
- Anti-Cyber Crime Law
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
- SAMA Cybersecurity Framework (May 2017)
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
- Resolution No. 555 of 2019
South Africa
General IoT
General IoT
- Protection of Personal Information Act 4 (POPI Act)
- Cybercrimes & Cybersecurity Act
- South Africa National Cybersecurity Policy Framework (Dec 2015)
- Electronic Communications and Transactions Act 25 (ECT Act)
- South African Reseave Bank (SARB) Guidance to banks on cyber resilience (May 2017)
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
- Resolution No. 555 of 2019
Turkey
General IoT
General IoT
- Turkey does not have any dedicated cybersecurity laws… however, there is data protection legislation which includes the Personal Data Protection Law No. 6698 (the PDPL)
- Turkey National Cybersecurity Strategy and Action Plan (2016)
- Turkish Ministry of Health (TMH) recently published a draft regulation to update its current, EU aligned MDR
- Electronic Commerce Law No. 6563 (e-Commerce Law)
- Banking Law No. 5411 (Banking Law)
- Regulation on the Information Systems of Banks and Electronic Banking (DRAFT regulation published Feb 2019)
- Institutions in the banking sector must comply with the Control Objectives for Information and RElated Technology (COBIT) standards
- Payment Systems Law No. 6943 - Makes special certification (ISO 27001 and PCI DDS) mandatory
- Use of ISO/IEC 27001 mandatory for entities providing electronic communicatoin services, electronic networks and infrastructure and energy facilities
United Kingdom
General IoT
General IoT
- California SB327 (Jan 2020)
- Oregon law (Jan 2020)
- NIST Small Business Cybersecurity Bill (Jun 2018)
- NIST Framework for Improving Critical Infrastructure Cybersecurity Verion 1.1 (Apr 2018)
- UK Financial Conduct Authority (FCA) Consulta-tion on extending Individual Accountability Regime (Jul 2017)
- UK Open Banking Initiative
- Bank of England - UK CBEST Intelligence-led Cybersecurity Assessment 2.0 (2016)
- PAS 1885:2018
Switzerland
General IoT
General IoT
- Swiss National Strategy for Protection of Switzerland Against Cyber Attacks (Apr 2018)
APAC Region
Australia
General IoT
General IoT
- Cybersecurity Strategy
- Australian's Therapeutic Goods Administration (TGA) published medical device cybersecurity guidance for all device risk classes, applicable to industry as well as users
- Australia is aming to have end-to-end regulation in place by 2020 to support the safe, comercial deployment and operation of autonomous vehicles at all levels of automation
China
General IoT
General IoT
- Cybersecurity Law (June 2017)
- Regulations on Internet Security Supervision and Inspection by Public Security Organs (Nov 2018)
- Guideline for Internet Personal Information Security Protection (Guideline) (April 2019)
- International Strategy of Cooperation on Cyberspace (Mar 2017)
- The National Medical Products Administra-tion (NMPA) published draft guidelines for standalone medical device software including cybersecurity requirements
- CBRC Guidelines on the Risk management of Commercial Banks' Information Technolo-gy
India
Financial/Bank
Financial/Bank
- Institute for Development and Research in Banking Technology (IDRBT) Cybersecurity Checklist (July 2016)
- RBI Circular to Establish Cybersecurity Framework in Banks (Jun 2016)
Indonesia
Medical Devices
Medical Devices
- Article 57 of Law No. 36 of 2009
- Regulation No. 1/POJK.07/20136
- Article 25 of Bank Indonesia Regulation No. 18/40/PBI/2016
- Article 40 of Law No. 36 of 1999
Japan
General IoT
General IoT
- [Law understood to come into effect 1 April 2020?]
- Japan's National Center of Incident Readiness and Strategy for Cybersecurity (Sept 2015)
- Japan's Basic Act on Cybersecurity (2014)
- JSFA Policy Approaches to Strengthen Cybersecurity in the Financial Sector (Jul 2015)
South Korea
General IoT
General IoT
- Personal Ifnormation Protection Act (PIPA)
- Act on the Promotion of IT Network Use and Information Protection Act (Network Act)
- The Act on the Protection and Use of Location Information (Location Information Act)
- In-vitro Diagnostic Medical Device Act (May 2020)
- South Korean Ministry for Food and Drug Safety (MFDS) issued guidelines for medical device cybersecurity risk management based on US FDA guidance and recommendations
- Electronic Financial Transactions Act (EFTA)
- Regulations on Supervision of Electronic Financial Transactions (RSEFT)
- Credit Information Use and Protection Act (Credit Information Act)
- Action on the Promotion of IT Network Use and Information Protection Act (Network Act)
- Protection of Information and Communica-tions Infrastructure Act (PICIPA)
Singapore
General IoT
General IoT
- Cybersecurity Act (March 2018)
- CSA Singapore Cyber Landscape (Jun 2018)
- Cybersecurity Act (March 2018)
- Cybersecurity Act (March 2018)
- Cybersecurity Act (March 2018)
- MAS mandated financial institutions must comply with risk management guidelines within the next 12 months (since Aug 2019) in an effort to strengthen the cyber resilience of organizations
- Cybersecurity Act (March 2018)
- Cybersecurity Act (March 2018)
- TR 68 - a set of guidelines covering areas such as vehicle behavior, safety, and cybersecurity for FULLY autonomous vehicles (2019)
- Road Traffic Act (2017)
Knowledge Center
- Cybersecurity Awareness Training Fact Sheet
- Common Criteria Certification Process Fact Sheet
- FIPS 140-3 Process and Service Offerings Fact Sheet
- 5G Technology Assurance Solution Fact Sheet
- Cyber Security Risk in a Mass Remote Working Environment Webinar
- Intertek Cyber Assured Fact Sheet
- Consumer Product Focused Cyber Security Test and Certification Program
- PCI PIN Transaction Security (PTS) Cyber Security Fact Sheet
- Cyber Security Assurance Overview
- ANSI/UL 2900 Cyber Security Assessments Fact Sheet
- Software Assurance Overview
- Network Certification Guides
- Guide to PTCRB Certification
- Guide to Verizon ODI Process