Common Criteria is an internationally recognised methodology for certifying vendors' claims relating to the security features and performance of their IT security products and services. The process aims to provide buyers with a vendor independent assurance that the IT security product they deploy meets the specifications claimed by the vendor and, in as far as possible, is confirmed to be free from security flaws and vulnerabilities. Further, as an internationally recognised certification process, a product certification in one country is automatically recognised as certified in many others that have adopted the standard.

Common Criteria certification is a mandated requirement in defence and national security applications and is becoming increasingly desirable in other Government services. Common Criteria is also being applied in some secure banking and financial services and well as healthcare and other services where high levels of security is a critical requirement. Security and authentication services providers are increasingly becoming aware that Common Criteria certification is fundamental to the sales value proposition even where Common Criteria certification is not required, as it enables them to offer an independently verified assurance relating to their security and authentication offerings.

Gaining Common Criteria certification is a three stage process, pre-evaluation consultancy, evaluation and certification. 3SH assists organisation with the pre-evaluation consultancy stage.

In pre-evaluation, the vendor needs to develop a formal specification of the security products. This specification is called a Security Target (or ST) and define the features and function to be evaluated and the assumptions around the use, deployment and configuration of the product. Once developed, the ST, is lodged with the administrative body (in Australia that is the Defence Signals Directorate) and forms the basis for the evaluation and certification.

Biometric Privacy Code of Conduct

Privacy is one of the biggest issues facing the biometrics industry in Australia today. Almost every poll conducted cites privacy concerns as the single most important factor affecting the decision not to implement biometric technologies. The Australian privacy laws seek to address some of the issues, but it seems they have made many CIOs even more wary of biometric deployments.

3SH aims to meet the privacy concerns of biometrics users head on. In dealing with the issue of privacy in biometrics in a responsible and fair fashion 3SH seeks to address the legitimate concerns of many potential biometric users.

3SH can develop architectures to comply with privacy and can conduct privacy audits for those companies seeking compliance with the federal privacy legislation and ensure that your company meets and exceeds all legal and user expectations.

As one of the most important and ubiquitous biometrics, 3SH is dedicated to ensuring that voice authentication solutions are responsibly deployed and thus portioning voice authentication as a privacy enhancing technology benefits individual and business users alike.