IT security product evaluation and testing

CGI’s IT security evaluation and test facility (ITSETF)—one of a select group of labs that is also part of a major global IT services firm—offers comprehensive software testing services and a wealth of competitive advantages to IT security product vendors worldwide.

With CGI’s IT security lab, you gain the benefits of a qualified, accredited and independent evaluation laboratory along with the expertise, experience and global resources of a large, end-to-end IT services company with 68,000 professionals operating in more than 40 countries.

Advantages of CGI’s ITSETF

As a global IT services provider, CGI has the scale, scope and experience to commercially and technically support IT security product evaluations, including those spread across multiple development locations. Most labs today are much smaller and lack the capability to support the testing needs of large IT security product vendors. Our global reach enables us to tap into internal technical resources worldwide to manage complex evaluations for a wide range of products and environments.

  • We have more than a decade of IT security evaluation, consulting and testing experience.
  • Our lab is accredited by the Standards Council of Canada as a testing laboratory for specific tests.
  • We are an accredited laboratory by NVLAP for the Cryptographic Module Validation Program for FIPS 140 testing.
  • CGI’s facility clearances, security clearances and ISO-9001-certified quality processes enable us to provide clients with the highest level of confidentiality and quality. This overall capability is a rarity among most of the Common Criteria and FIPS 140 labs worldwide.
  • CGI’s security experts have worked on some of the most complex Common Criteria evaluations performed in Canada. In addition, our expertise expands beyond evaluation and testing. Most labs have trained evaluators but lack expertise in designing, developing and implementing technology solutions. As a global systems integrator, CGI has deep technology knowledge, which we bring to bear in every evaluation and testing engagement.
  • CGI is actively involved in the evolution of Common Criteria and FIPS standards and provide valuable input in terms of maximizing efficiencies in the development of IT security products.

Global advantages of Canadian IT security evaluations

CGI’s software product testing facility is located in Canada, which brings many advantages to our global clientele, including:

  • Common Criteria evaluation results from Canada are recognized worldwide under the Common Criteria Recognition Agreement.
  • There are no Common Criteria evaluation fees imposed by Canadian authorities. In other jurisdictions, a national scheme evaluation surcharge is imposed on the client.
  • The wait time to get a product reviewed by a certification body in Canada is typically much shorter than in other countries.
  • Certification bodies in Canada employ an iterative review process, which reduces surprises at the end of the evaluation.
  • Canada is known for the maturity, stability and dependability of its national Common Criteria scheme and its certification processes. Canada’s certification body has a reputation for being flexible and innovative in working with security product vendors and their laboratories to help ensure their products meet certification standards.
  • Canada’s close proximity to the U.S. and trusted status with the U.S. government and U.S. certification bodies, combined with the advantages above, make it an attractive testing locale for U.S.-based security product vendors.

Comprehensive IT security evaluation and testing services

Offering a variety of IT security assessment services, CGI helps clients with the following:

  • Common Criteria evaluations up to and including EAL4+
  • Common Criteria assurance continuity testing
  • FIPS 140 cryptographic module validations
  • Interac Payment Device (PED, EPP) certifications
  • Pre-evaluation consulting
  • Evidence and documentary support
  • Vulnerability assessment
  • Penetration testing
  • Forensics, including evidence grade lock-ups
  • Prototype testing and analysis, such as hardened service designs 
  • Certification lifecycle and strategy consulting 
  • Training 
  • Outsourced product testing 

Contact CGI’s IT security laboratory