We offer various levels of certification for mobile and web applications.
For web applications:
Level 1 is a bare minimum that all applications strive for. It is also useful as a first step in a multi-phase effort or when applications do not store or handle sensitive data and therefore do not need the more rigorous controls of Level 2 or 3.
An application achieves Level 2 if it adequately defends against most of the risks associated with software today. Level 2 ensures that security controls are in place, effective and used within the application. Level 2 is typically appropriate for applications that handle significant business – to – business transactions, including those that process healthcare information, implement business-critical or sensitive functions, or process other sensitive assets.
Level 3 is the highest level of verification. This level is typically reserved for applications that require significant levels of security verification, such as those that may be found within areas of military, health and safety, critical infrastructure, etc. Organizations may require Level 3 for applications that perform critical functions, where failure could significantly impact the organization’s operations.
For mobile applications:
A mobile app that achieves Level 1 adheres to mobile application security best practices. It fulfils basic requirements in terms of code quality, handling of sensitive data, and interaction with the mobile environment. A testing process must be in place to verify the security controls. This level is appropriate for all mobile applications.
Level 2 introduces advanced security controls that go beyond the standard requirements and include threat models and controls. This level is appropriate for apps that handle highly sensitive data, such as mobile banking apps.
Mobile application achieving Level 3 is the app that has state-of-the -art security. This level is applicable to apps that handle highly sensitive data and may serve as a means of protecting intellectual property or tamper -proofing an app.