Finding the right security products to protect an organization's computer systems is often a difficult, time-consuming task. With so many offerings on the market, how does an organization know which product best meets its needs and delivers on its claims?
One way companies can accomplish this more easily - and save time and resources - is to rely on third parties to provide independent product assurance as part of the request-for-proposal (RFP) process.
ICSA Labs, one of the most trusted testing and certification organizations in the world, offers enterprises and government agencies the following six tips on how using products certified by a third party can help during the product-selection process:
- Reduce Your Due Diligence Burden: Carefully document product-selection requirements and then formally compare them with either published testing results or certification requirements from a third-party assurance program. Requiring potential products to be tested or externally certified significantly reduces time spent analyzing products.
- Rely on Independent Third-Party Assurance: Several entities - including independent testing and certification labs, government assurance programs, trade magazines, analyst firms and commercial labs - offer varying levels of product assurance. Independent testing and certification labs offer a cost-effective choice. Additionally, the best third-party test labs strive to be unbiased and vendor- and product-neutral.
- Choose Wisely: Not all testing organizations are the same. Pay close attention to the organization's public criteria (testing/certification criteria should be publicly available); relevance (how much overlap exists between the third party's published criteria and the enterprise's business requirements); and frequency (how often is testing done and at what intervals). Also, ensure that the testing organization relies on a scientific, repeatable testing methodology.
- Require Completeness: Choose a third-party organization that requires its certified products to pass all - not just some - of its tests and verifies that fixes are incorporated into the product. Product assurance testing should not be a static, once-and-done process. Rather, look for ongoing testing.
- Ask Questions: A third-party testing organization should incorporate a product-evaluation program that helps decision makers determine which products to purchase and deploy. Be sure to ask specific questions about the evaluation program and how it works.
- Demand Proven Quality: Chose an accredited third-party organization. In choosing a lab, look for one that has earned ISO/IEC 17025 accreditation, which assesses a laboratory's management and technical capabilities, including the operational effectiveness of its quality management system, processes and procedures.
"Third-party assurance and independent due diligence should be a critical component of the enterprise-product selection process," said George Japak, managing director, ICSA Labs, an independent division of Verizon Business. "Business and government customers can gain significant advantages by leveraging independent third-party testing results to balance skills, time and budget with product needs. Third-party testing is an excellent supplement to an overall product-selection process and in the long run can save an enterprise a lot of time, resources and headaches."
For sample language requiring the use of certified products in RFPs or to ask specific questions about building this requirement into an RFP, visit ICSA Labs blog at http://www.icsalabs.com/blog.
About ICSA Labs
ICSA Labs, an independent division of Verizon Business, offers vendor-neutral testing and certification of security products. Many of the world's top security vendors submit their products for testing and certification at ICSA Labs. Businesses rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. ICSA Labs was the first security-product testing organization to earn ISO/IEC 17025 accreditation, validating the laboratory's world-class capabilities. For more information about ICSA Labs, visit: http://www.icsalabs.com.
About Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world's most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today's extended enterprises of widespread and mobile customers, partners, suppliers and employees - enabling them to increase productivity and efficiency and help preserve the environment. Many of the world's largest businesses and governments - including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions - rely on our professional and managed services and network technologies to accelerate their business. Find out more at www.verizonbusiness.com.