Updating Certified Products
This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time to time, based on security or functional reasons. But what are the possibilities if the product is already certified? Is it possible to update the product, without the risk of losing the certificate? Are there defined allowable changes? What does Predictive Assurance mean, and is it possible? Or is there a fast review solution, like the maintenance process? This presentation will review the processes applied in various existing schemes, with a special focus on the schemes already represented in the scope of the EU Cyber Act, e.g. SOGIS Schemes, Light CC schemes and approaches, IoT schemes. This presentation then will summarize the advantages and disadvantages of the applied solutions from the viewpoint of the different roles, the developer, the evaluation facility and the certification body.