Intertek provides complete Cybersecurity Certifications, Assurance, Testing and Inspection services assuring your product is cyber secure.
The Road to Successful Cybersecurity Certification: We recognize that product certifications are business enablers for our customers. As a result, we aim to not only certify your products, but do so in an efficient, time and cost-effective manner. Intertek has the right philosophical approach as well as the right expertise to position vendors to best meet challenging government security certifications.
General IoT
Argentina
- Argentine Data Protection Act no. 25326 (PDPA)
Australia
- Cybersecurity Strategy
Brazil
- Brazilian Internet Law (Law no. 12,965/2014)
- Regulatory Decree (no. 8.771/2016)
- Brazilian Data Protection Law (August 2020)
- National Data Protection Authority (Law no. 13.853/2019)"
Canada
- National Cybersecurity Strategy
- CyberSecure Canada Certification Program
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
China
- Cybersecurity Law (June 2017)
- Regulations on Internet Security Supervision and Inspection by Public Security Organs (Nov 2018)
- Guideline for Internet Personal Information Security Protection (Guideline) (April 2019)
- International Strategy of Cooperation on Cyberspace (Mar 2017)
European Union
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- EC IACS Cyersecurity Certification Frame-work (ICCF) (April 2018)
France
- National Digital Security Strategy (Oct 2015)
Japan
- [Law understood to come into effect 1 April 2020?]
- Japan's National Center of Incident Readiness and Strategy for Cybersecurity (Sept 2015)
- Japan's Basic Act on Cybersecurity (2014)
Saudi Arabia
- Essential Cybersecurity Controls (ECC - 1:2018) Standard
- Anti-Cyber Crime Law
Singapore
- Cybersecurity Act (March 2018)
- CSA Singapore Cyber Landscape (Jun 2018)
South Africa
- Protection of Personal Information Act 4 (POPI Act)
- Cybercrimes & Cybersecurity Act
- South Africa National Cybersecurity Policy Framework (Dec 2015)
South Korea
- Personal Ifnormation Protection Act (PIPA)
- Act on the Promotion of IT Network Use and Information Protection Act (Network Act)
- The Act on the Protection and Use of Location Information (Location Information Act)
Switzerland
- Swiss National Strategy for Protection of Switzerland Against Cyber Attacks (Apr 2018)
Turkey
- Turkey does not have any dedicated cybersecurity laws… however, there is data protection legislation which includes the Personal Data Protection Law No. 6698 (the PDPL)
- Turkey National Cybersecurity Strategy and Action Plan (2016)
Untied States
- California SB327 (Jan 2020)
- Oregon law (Jan 2020)
- NIST Small Business Cybersecurity Bill (Jun 2018)
- NIST Framework for Improving Critical Infrastructure Cybersecurity Verion 1.1 (Apr 2018)
Medical Devices
Australia
- Australian's Therapeutic Goods Administration (TGA) published medical device cybersecurity guidance for all device risk classes, applicable to industry as well as users
Canada
- Health Canada published guidance on pre-market requirements for medical device cybersecurity applying to all risk classes
China
- The National Medical Products Administra-tion (NMPA) published draft guidelines for standalone medical device software including cybersecurity requirements
European Union
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- EU's medical technology trade association issued new recommendations and encour-ages the adoption of the EU's new Manufacturer Disclosure Statement for Medical Device Security (MDS2) form
- NIS DIrective (EU) 2016/1148
- MDR Regulation (EU) 2017/745
- IVDR Regulation (EU) 2017/746
Germany
- German Cybersecurity Requirements for Network-connected Medical Devices
Indonesia
- Article 57 of Law No. 36 of 2009
Singapore
- Cybersecurity Act (March 2018)
South Korea
- In-vitro Diagnostic Medical Device Act (May 2020)
- South Korean Ministry for Food and Drug Safety (MFDS) issued guidelines for medical device cybersecurity risk management based on US FDA guidance and recommendations
Turkey
- Turkish Ministry of Health (TMH) recently published a draft regulation to update its current, EU aligned MDR
Untied States
- FDA [Guidance extract]
Government Purchasing Standards
Saudi Arabia
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
Singapore
- Cybersecurity Act (March 2018)
Untied States
- Gov requirements (S.734 - Internet of Things Cybersecurity Improvement Act of 2019)
Financial/Banking
Argentina
- Argentine Central Bank issued regulation: Communication BCRA 6354 as amended by 6375
Brazil
- Central Bank of Brazil Resolution No. 4.658/2018 (December 2021)
Canada
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
- Bank of Canada's Cybersecurity Strategy 2019-2021
China
- CBRC Guidelines on the Risk management of Commercial Banks' Information Technolo-gy
Germany
- BaFin Specifies BAIT (Feb 2018)
- BaFin consultation on Circular or bank regulato-ry requirements for IT Systems (March 2017)
India
- Institute for Development and Research in Banking Technology (IDRBT) Cybersecurity Checklist (July 2016)
- RBI Circular to Establish Cybersecurity Framework in Banks (Jun 2016)
Indonesia
- Regulation No. 1/POJK.07/20136
- Article 25 of Bank Indonesia Regulation No. 18/40/PBI/2016
Japan
- JSFA Policy Approaches to Strengthen Cybersecurity in the Financial Sector (Jul 2015)
Russia
- CBR Central Bank of Russia Standard for Maintenance of Information Security of the Russian Banking System Organizations - General Provisions (Jun 2014)
- Russian Banking system standard on information security maintenance (Apr 2014)
- CBR Standard for Information Security of Russian Banking Insitutions Information Security Audit (May 2007)
Saudi Arabia
- SAMA Cybersecurity Framework (May 2017)
Singapore
- Cybersecurity Act (March 2018)
- MAS mandated financial institutions must comply with risk management guidelines within the next 12 months (since Aug 2019) in an effort to strengthen the cyber resilience of organizations
South Africa
- Electronic Communications and Transactions Act 25 (ECT Act)
- South African Reseave Bank (SARB) Guidance to banks on cyber resilience (May 2017)
South Korea
- Electronic Financial Transactions Act (EFTA)
- Regulations on Supervision of Electronic Financial Transactions (RSEFT)
- Credit Information Use and Protection Act (Credit Information Act)
Turkey
/
/
- Electronic Commerce Law No. 6563 (e-Commerce Law)
- Banking Law No. 5411 (Banking Law)
- Regulation on the Information Systems of Banks and Electronic Banking (DRAFT regulation published Feb 2019)
- Institutions in the banking sector must comply with the Control Objectives for Information and RElated Technology (COBIT) standards
- Payment Systems Law No. 6943 - Makes special certification (ISO 27001 and PCI DDS) mandatory
United Kingdom
- UK Financial Conduct Authority (FCA) Consulta-tion on extending Individual Accountability Regime (Jul 2017)
- UK Open Banking Initiative
- Bank of England - UK CBEST Intelligence-led Cybersecurity Assessment 2.0 (2016)
Untied States
- [? FIPS ?]
- US FSSCC Financial Services Sector Cybersecuri-ty Profile Overview and User Guide (Oct 2018)
- New York Cybersecurity Requirements for Financial Services Companies (Mar 2017)
Telecoms
Brazil
- There are no cybersecurity specific laws for telecom in Brazil, though the country is discussing a National Cybersecurity Plan in Congress
- The most up-to-date regulation that is most closely applicable would be: Decree 8771/2016
European Union
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
Germany
- DRAFT: German IT Security Act 2.0 (IT-SiG, 2.0)
- German Federal Office for Information Security Act (Aug 2009)
Indonesia
- Article 40 of Law No. 36 of 1999
Saudi Arabia
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
- Resolution No. 555 of 2019
Singapore
- Cybersecurity Act (March 2018)
South Africa
- Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H
- Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
- Resolution No. 555 of 2019
South Korea
- Action on the Promotion of IT Network Use and Information Protection Act (Network Act)
- Protection of Information and Communica-tions Infrastructure Act (PICIPA)
Turkey
- Use of ISO/IEC 27001 mandatory for entities providing electronic communicatoin services, electronic networks and infrastructure and energy facilities
Untied States
- CTIA [Not currently mandatory]
Vehicular
Australia
- Australia is aming to have end-to-end regulation in place by 2020 to support the safe, comercial deployment and operation of autonomous vehicles at all levels of automation
Canada
- Motor Vehicle Safety Act (MVSA)
- Strengthening Motor Vehicle Safety for Canadians Act (March 2018)
European Union
- Cybersecurity Act (March 2019)
- GDPR (EU) 2016/679
- ENISA recommends manufacturers incorporate cybersecurity into the design of smart car security measures
Singapore
- Cybersecurity Act (March 2018)
- TR 68 - a set of guidelines covering areas such as vehicle behavior, safety, and cybersecurity for FULLY autonomous vehicles (2019)
- Road Traffic Act (2017)
United Kingdom
- PAS 1885:2018
Untied States
- USDOT recommends adopting NIST standards.
COLOR KEY:
- BLUE COUNTRY = AMER REGION
- CERELLO COUNTRY = EMEA REGION
- GREY COUNTRY = APAC REGION
Knowledge Center
- Cybersecurity Awareness Training Fact Sheet
- Common Criteria Certification Process Fact Sheet
- FIPS 140-3 Process and Service Offerings Fact Sheet
- 5G Technology Assurance Solution Fact Sheet
- Cyber Security Risk in a Mass Remote Working Environment Webinar
- Intertek Cyber Assured Fact Sheet
- Consumer Product Focused Cyber Security Test and Certification Program
- PCI PIN Transaction Security (PTS) Cyber Security Fact Sheet
- Cyber Security Assurance Overview
- ANSI/UL 2900 Cyber Security Assessments Fact Sheet
- Software Assurance Overview
- Network Certification Guides
- Guide to PTCRB Certification
- Guide to Verizon ODI Process