Federal Office for Information Security BSI


The Federal Office for Information Security BSI is the central IT security service provider for the German government. To promote IT security in Germany, the agency advises and supports several different target groups: IT manufacturers and users, data protection officers, security consultants, experts, testing agencies, research establishments and standardisation bodies. Implementation of its own security products, trend research and collaboration with international organisations are other important areas of its work. In addition, as a certification authority and accreditation body, the BSI develops criteria, methods and tools for the evaluation of the security of IT systems.

BSI investigates security risks associated with the use of IT and develops preventive security measures. In order to promote IT security, BSI issues security certificates. The Certification Body of BSI monitors all evaluations within the Scheme and provides guidance on specific issues arising during evaluations. On the basis of international recognition arrangements, IT security certificates issued by BSI are recognised in most of the European countries, in North America, Japan, India, Republic of Singapure, Australia and New Zealand.

Epicom S.A.


EPICOM is the reference cryptography company in Spain. EPICOM is one of the companies that conforms the AMPER group, one of the most important holding in the defence field in Spain.

With an engineering team with more than twenty years of experience devoted to cryptography technology and with a strong commitment to innovation, research and development, EPICOM develops and supplies equipment, technical support and consultancy in cryptographic applications and systems.

All our products hold maximum certifications from the Spanish National Security Agency. Most exigent quality and security international certification (EAL 4+) are part of our development policies.

Crypto equipment for Fax, Voice, IP, ISDN, X.25, Narrow Band, Key Transport Unit and Management Center are some examples of our catalogue of equipments. Among our lastest releases standout the IP crypto family, (EP430), that can reach up to 160 Mbps, and the personal crypto EP670, a pocket size equipment suitable for mobile communications (voice and data) and narrow band systems.

Fábrica Nacional de Moneda y Timbre - Real Casa de la Moneda


The FNMT-RCM is a public entity of the Ministry of Economy and Finance. It is a corporation acting as a true public service, because of the type of work it performs. On the other hand, it is open to collaboration with private entities in situations where there are security requirements and a need for strict monitoring of production, an area in which the FNMT-RCM has gained the recognition and trust of the general public. This business line was extended with the development of certification services and the manufacturing of smart cards. All of its activities are based on integrated security, applied to the corporation’s production processes, to their products, to the processing of information and to its facilities.

One of the main business line of the company, internationally recognised, is the manufacturing of smart cards for several purposes i.e. ID, transport, cryptographic, multi-application, corporate cards, debit/credit chip cards (EMV), etc.

Regarding the security support, in 1996 the Department of CERES was created to establish a Public Key Infrastructure to provide certification services to third parties. Nowadays, CERES is a consolidated department and its infrastructure is used by 10 regional governments, 5500 local councils, 8 ministries and many Autonomous Government Entities. More than 700.000 users employs the electronic certification services developed by the mentioned organizations in collaboration with the FNMT-RCM.

TÜV Informationstechnik GmbH

TÜViT - The Trust Provider


TÜV Informationstechnik GmbH, short TÜViT, works impartially, objectively and competently in the field of information technology. As a provider of trust in quality and security of information technology, we focus on assessing, testing and certifying IT products, IT systems and IT processes.

In the field of IT security, TÜViT provides security testing, evaluations and certifications which comply with European and international standards and meet specific security criteria at all levels.

Sharp Corporation

SHARP Corporation

Founded in 1912, the Sharp Corporation spans the world as a leading developer of core digital technologies that play primary roles in the emergence of integrated multimedia based products and services.

Sharp Digital Document Systems, a division of Sharp Electronics, provides innovative office solutions with value added features that meet the needs of today's information technology-oriented businesses.

Since production of our first photocopier in 1972, our full product line-up now ranges from space-saving personal printers and copiers, black & white and colour, through to high speed, high volume, digital multifunction systems.

Our range of digital copiers, printers and multifunction devices have a number of options to protect your data and documents from unauthorised access. These include a sophisticated firewall to eliminate hacking attempts, a secure printing mode that prevents the output of a document until the user is present at the machine, and the Data Security Kit, which when installed brings assured security to the entire device.

Sharp's Data Security Kit includes powerful encryption algorithms as well as secure overwriting of any stored data, and was the industry's first Common Criteria validated solution for document and information security.

For more information please visit www.sharp-world.com or contact security@esbc.sharp-eu.com.

T-Systems - Deutsche Telekom's business customer brand


T-Systems is a one-stop information and communications technology (ICT) service provider. As a leading European and global player, T-Systems delivers ICT solutions that enhance companies' flexibility and competitiveness. In the field of “Security” we have more than 20 years experience and offer a comprehensive portfolio of security services and solutions:

Security Consulting: comprehensive consultancy services for all aspects of e-business and information security including security testing (ethical hacking) and other services.

Security Solutions: design and realization of custom solutions for secure communication, electronic workflow using e.g. digital signatures as well as access control and encryption.

Security Engineering: design and development of customer-specific security software and systems for specific security requirements in vertical markets.

Security Evaluation: evaluation of products and systems in the following frameworks and criteria:

These standards and schemas are as international as our business is. Though being located in Germany and Singapore only, the evaluators of T-Systems serve customers around the globe.

For more information please visit www.t-systems.com or www.t-systems-ict-security.com or send an email to info.itc-security@t-systems.com.

Safelayer Secure Communications, S.A.

Safelayer Secure Communications

Safelayer Secure Communications, S.A. is a leading company in the field of security and trust for ICT, which makes us a reference in major projects focusing on technology for the authentication, authorisation, integrity and confidentiality of citizens' identity.

This is accredited by our products' presence in the most important projects carried out using these technologies, including those led by the Ministry of Defence (CNI), CIS (Plan Director), CERES (FNMT), Caja Madrid, the Spanish Justice Ministry, the Central Bank of Spain (Banco de España), the Digital ID Card of the Ministry of the Interior or the NATO Message System in Brussels. This stands as proof of our company's major progress in Research, Development and Innovation (RDI) and permanent search for the strict compliance of the most demanding security and interoperability standards.

In addition to being the first Spanish company to achieve a CC certificate for a PKI protection profile, our product range has undergone independent evaluations by CESTI, a laboratory belonging to INTA and accredited by the Esquema Nacional de Evaluación y Certificación de Sistemas y Tecnologías de la Información (ENECSTI), achieving its security certification for the following: KeyOne 2.1 with a CC EAL2 guarantee level, and KeyOne 3.0 with a CC EAL4+ (ALC_FLR.2) guarantee level in compliance with the security level 3 CIMC Protection Profile (Certificate Issuing and Management Component, NIST, 31 October 2001).

It has always been said that political and corporate systems change incrementally, whilst technology changes exponentially. At Safelayer, this theory is clearly proven.

Today, society undoubtedly perceives digital identity and electronic signature as the “competitive tools of the 21st century” that will enable us to take advantage of the power that ICTs provide to society in relationships established between social agents, companies and citizens.

Lucent Technologies.

Lucent Technologies

Lucent Technologies designs and delivers the systems, services and software that drive next-generation communications networks. Backed by Bell Labs research and development, Lucent uses its strengths in mobility, optical, software, data and voice networking technologies, as well as services, to create new revenue-generating opportunities for its customers, while enabling them to quickly deploy and better manage their networks. Lucent's customer base includes communications service providers, governments and enterprises worldwide.

Lucent's market vision is converged services -- creating networks that deliver communications services that are simple, secure and seamless; personal and portable; for people at work, home or anywhere in between. With two operating units -- Network Solutions Group and Lucent Worldwide Services -- Lucent meet the needs of its customers and helps those customers create, build and maintain the most innovative, reliable and cost-effective networks.

Network Solutions Group: Lucent Technologies' Network Solutions Group is dedicated to helping service providers capture the market opportunities being created by the growing demand for blended lifestyle services. To better support our wireline, mobile and converged customers, Lucent has combined its wireless and wireline business units to form a single, unified organization squarely focused on delivering the vision, architectures and solutions needed to enable the rapid, cost-effective delivery of integrated voice, data, video and multimedia services to subscribers, anytime, anywhere.

Lucent Worldwide Services: Lucent Worldwide Services (LWS) is one of the industry's most experienced and knowledgeable network services organization. With technicians, network designers, consultants and engineers, LWS serves the world's largest service providers, enterprises and government institutions in countries around the world.

Bell Labs: Bell Labs is the largest R&D organization focused on the communications networking needs of the U.S. government and service providers around the world and is the leading source of new technologies found in communications networking today. Bell Labs' innovations span numerous diverse fields such as physical sciences nanotechnology, computer sciences and software, mathematical sciences, advanced wireless and wireline networking research and network security, standards and planning.

Researchers at Bell Labs have received six Nobel Prizes in physics, nine U.S. National Medals of Science and seven U.S. National Medals of Technology. Our scientists and engineers also have earned more than 31,000 patents since 1925 and have played a pivotal role in inventing or perfecting most of the key communications technologies in use today.

For more information on Lucent Technologies, please visit http://www.lucent.com



Applus+ is the first certification provider company in Spain.

Since its foundation in 1907 and as ISO 17205 independent laboratory, the objective of Applus+ CTC has been to provide technological support to the industry performing laboratory testing, calibration of equipments, certification, technical training and investigation and development (I+D+i) amongst other services requested by our customers.

Applus+ CTC is formed by 15 centres where we develop latest technology in as many different disciplines as they can be polymers, chemical, environment, electromagnetism, acoustics, mechanical, telecommunications, fire, energy, laser and ICT.

In the field of Information and Communication Technologies, Applus+ CTC is having an expert and motivated team of engineers in several areas as intelligent traffic and transport systems (ITS), information security management systems (ISMS), gaming technologies and Smart Cards applied to electronic payment systems, health and identification. Applus+ CTC is recognised since 1998 by Visa International as external laboratory to provide functional and security testing for Smart Cards in payment environments.

Moreover, in order to complement the services to our customers, Applus+ CTC is working to offer security evaluations according to Common Criteria methodology in a very short time.



Isdefe was created in 1985 as a technical consultancy and systems engineering company to provide consulting services and technical engineering support to the Spanish Ministry of Defence, the Armed Forces and other public Ministries and official institutions which demand our work. This special framework makes the company unique due to our:

Besides maintaining and strengthening our traditional activities in the Defence and Security sector, Isdefe is also expanding its work in the civil field in the Transport, Information Technologies and Communications sectors.

To provide an adequate response to the increasing market demands, Isdefe offers a wide rage of consultancy services in order to satisfy our costumers' requirements and the final users' needs. Isdefe's activities are encompassed in three broad categories: Strategic Consultancy, Programme Management Support and Project Development.

During all these years Isdefe has reached a high degree of specialisation and know-how in the following areas of knowledge, becoming the reference point in many of them.

  • Telecommunications
  • Air Traffic Control
  • Business Processes Management
  • Knowledge Management
  • Simulation And Modelling
  • Regulation And Standards
  • Protection And Security
  • Ordnance And Weapons Systems
  • Information Technologies
  • Electronic Warfare
  • Systems Engineering
  • Software Engineering
  • Ground, Naval And Aerial Platforms
  • Networks And Systems Security
  • Intermodal Transport
  • Airport Operation Integration
  • Environment Management
  • Intelligence And Surveillance
  • Logistics And Support Infrastructure
  • Command And Control (C4I)
  • Sensors
  • Satellites
  • Processes Engineering
  • Industrial Co-Operation
  • Offset And Compensations

atsec information security


atsec information security is the world leader in Common Criteria evaluation of operating systems. Operating system evaluation is the greatest test of competence in the field, and atsec continues to earn its reputation as the world leader in this sphere.

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the US, Sweden, the UK, and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, SGI, and Cray. In addition to our Common Criteria labs, atsec also offers accredited laboratory services for Cryptographic Module Testing (FIPS 140-2) and Personal Identity Verification (FIPS 201). atsec's expert IT security consulting services include penetration testing, and FISMA (FIPS 200) and ISO/IEC 27001 consulting.

Please take a look at:

CESTI - Information Technology Security Evaluation Centre


INTA, by means of the IT Security Evaluation Centre (CESTI), offers an accreditated service of IT security evaluations in conformance with Information Technology Security Evaluation Criteria (ITSEC) and the Common Criteria (CC, also known as ISO/IEC15408 ) international standards, within the Spanish National IT Security Evaluation and Certification Scheme under the National Security Agency (CNI) authority.

Accreditations granted by the Spanish National Entity for Accreditation (ENAC) & CCN.