Schneider Electric, the leader in digital transformation of energy management and automation, has become the first major industrial control and energy management product and systems vendor to receive the coveted CREST accreditation for penetration testing.
Following a rigorous assessment of Schneider Electric’s business processes, data security and pen-testing methodologies, CREST, the international not-for-profit accreditation and certification body representing the technical cybersecurity industry, has acknowledged Schneider Electric’s product security teams for their skills and proficiency when it comes to testing the resilience and security of the company’s products and systems. The certification warrants the strength of Schneider Electric’s processes and abilities and applies to the company’s Global Security Labs, which are dedicated to product penetration testing.
Securing the digital ecosystem
“Schneider Electric has an unwavering commitment to forging the secure products and systems that safeguard trust across the digital ecosystem,” said Klaus Jaeckle, Chief Product Security Officer, Schneider Electric. “CREST accreditation is a demonstration of our approach to continually strengthening our offers and evolving our practices so we can further help our customers address new threats and threat vectors. We follow a secure-by-design development lifecycle process that has been certified to comply with the prevalent ISA/IEC 62443-4-1 cybersecurity standard. Penetration testing is a mandatory and essential part of that process, and it ensures cybersecurity is considered in every phase of product development. By continuing to strengthen our processes, fortify our products and empower our people, we are providing our customers a pathway to a more secure environment, even as their needs and threats evolve.”
In collaboration with industry and governments, CREST has built a meaningful framework for measuring the capability of cybersecurity companies and their workforces. This approach supports governments, regulators and buyers in identifying capable suppliers that can deliver high-quality technical cybersecurity products and services.
“I am delighted to welcome Schneider Electric as an accredited CREST Member,” said Ian Glover, President, CREST. “CREST accreditation demonstrates that Schneider Electric’s product and systems penetration testing has been through a demanding assessment process and is supported by best-in-class data-handling processes, quality assurance policies and technical methodologies. It is an additional layer of confidence for Schneider Electric’s global customers and partners, and it validates the company’s commitment to helping solve today’s most pressing cybersecurity challenges.”
CREST provides internationally recognized accreditation for organizations and individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence services, and Security Operations Center services.
About CREST
CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years. For more information about CREST, please see www.crest-approved.org.
