Concerned About Document Security? How Common Criteria Certification Helps

Guest post by Alan Sukert, Xerox Senior Product Security Specialist

Everyone is concerned about data, whether it’s your company’s intellectual property, a customer’s address, employee social security numbers, bank account numbers, a medical ID or license number.

Handling customer data is a priority for companies, as customers entrust organizations to handle their personal information in a secure manner. Whether it’s printing and mailing monthly bank statements or quarterly retirement financial reports, to providing a medical benefits package with a health assessment, it all comes down to trust.

The above also holds true for securing documents that contain personal or confidential data that need to be printed, scanned, copied or faxed. There are many layers of defense, from physical security to handling the digital document sent to a multifunction printer.

Printers and Common Criteria Certification

Multifunction printers are computer systems that have security features and functions to secure the device, the data and the document. It’s smart to ask about industry or global standards that give you confidence that printed, scanned, copied or faxed documents are protected from unauthorized disclosure or modification.

Common Criteria Certification is one such global security standard that comes to mind. Common Criteria is an international standard (ISO/IEC 15408) adopted by 28 countries, including the U.S. It specifies the security functional and assurance requirements through protection profiles that a particular class of products, including multifunction devices, must meet. It’s the only internationally recognized security certification standard.

Accredited Third-party Testing for Device Security Certifications

An accredited third-party lab performs security certifications using a rigorous, documented process specified by the Common Criteria standard. The standard tests against applicable security protection profiles. This provides independent assurance that the product being certified (multifunction devices, in this case) meets all the required functional and assurance requirements necessary to achieve certification. Multifunction device users know that attributes claimed by vendors such as Xerox to protect the confidentiality and integrity of documents and data actually meet those claims.

This helps establish a high degree of confidence that the product security features in a multifunction device that has completed Common Criteria Certification do in fact protect personal and corporate data. The rigorous, independent quality assurance process based on a recognized industry standard provides a degree of confidence that can be obtained in no other way.

Want to learn more about document security practices? Read this blog post and download our guide to “Document and Endpoint Security: Checklists and Discussion Guides for Buying Teams.”


Related Posts