ISO/IEC 17020 Inspection Body
First Recognized in Europe
The European Regulation (EU) 2019/881, known as the “Cybersecurity Act,” is a regulatory framework for the security certification of ICT products and digital services; it entered into force on 27 June 2019. Cybersecurity has become a crucial element for the success of any business in the European market, requiring the ability to demonstrate the security of managed information and protection against cyberattacks. This evidence must be supported by audits carried out by independent third parties, whose credibility enhances the value of the certification.
As a result of this regulatory context and new market requirements, Gerico Security Srl has established the first inspection body for information security and cybersecurity recognized in Europe, accredited under ISO/IEC 17020 by Accredia, the Italian accreditation body. The inspections are conducted and validated through an Inspection Certificate, which guarantees the reliability of the assessments and compliance with the required security standards.


Scan the QR code to view and/or download our accreditation certificate with your smartphone
Good to Know
How Does a Cybersecurity Inspection Work?
The organization undergoes an inspection to assess the current state of information security and cybersecurity according to the four dimensions of the “Cybersecurity Pyramid.”

The inspection can apply to a specific perimeter of the organization or a third-party organization (e.g., a supplier), and will follow the criteria of:
- Objectivity, measuring the current state according to predefined parameters,
- Neutrality with respect to biased beliefs,
- Impartiality and absence of conflicts of interest.
Then, the organization receives two documents:
- The Inspection Report, which contains the assessments and measurements of the organization’s current cybersecurity levels.
- The Inspection Certificate, a summary that can be used to demonstrate the organization’s cybersecurity maturity to third parties (e.g., clients, insurance companies determining cyber policies, regulatory bodies, public administrations).
The Inspection Certificate is digitally signed. If the organization voluntarily provides it to a third party (e.g., a client), that third party can ask Gerico Security to verify its authenticity by sending a reasoned request and a copy to: OdI@gerico-sec.it
- What Do We Mean by Inspection?
An inspection is an examination of information security in the processes and services of a defined perimeter, aimed at determining the level of compliance and maturity with respect to international best practices for information security, cybersecurity, and data protection, in particular the CSF (Cyber Security Framework) and the Framework Nazionale per la Cybersecurity e la Data Protection.
- Why Rely on an Inspection Body in Conformity with ISO/IEC 17020?
The ISO/IEC 17020 standard defines the general criteria for the operation of Inspection Bodies and the competency requirements they must meet to ensure the reliability of conformity assessments provided to clients and supervisory authorities.
Inspection Body
An ISO/IEC 17020 Inspection Body adheres to specific formal characteristics requiring:
- Impartiality,
- Independence,
- Fairness,
- Competence.
Inspection Bodies operating according to strict formal criteria carry out evaluations on behalf of private clients, associated organizations, or authorities with the goal of providing a compliance judgment based on the technical and regulatory requirements defined in various cybersecurity norms and practices on the market.