The TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, confirms the security of the development processes at ECOSPEED AG with its certification seal.
Because generating environmental indicators requires the highest level of accuracy and protection against manipulation, ECOSPEED AG had the development of its climate protection software products certified by TÜV TRUST IT. The certification seal confirms the security of the software development processes.
ECOSPEED AG, a former spin-off of the Swiss Federal Institute of Technology Zurich (ETH) with offices in Zurich and Bonn, is a highly specialized software provider for energy, environmental, and climate applications. Its various web-based software solutions for calculating, managing, and simulating environmental indicators and measures are used by government agencies, companies, and private users.
Since these solutions involve sensitive data such as energy costs and demand high precision and security, the market increasingly requires objective proof of software quality and development processes. TÜV TRUST IT was therefore commissioned by ECOSPEED AG to examine the software development process in preparation for a “Trusted Development” certification of the development environment. The goal of the analysis was to identify security-relevant risks that could allow external attackers to compromise ECOSPEED AG’s security objectives and undermine the integrity, confidentiality, and availability of processes and customer data.
To this end, assessments were conducted in the categories of software design, planning and implementation, IT security, information protection, and data privacy. The “Trusted Development” requirements catalog is based on various standards, regulations, and laws, as well as TÜV TRUST IT’s own criteria and IT security best practices.
A central component of the certification project was an audit of the software development process, analyzing the security measures integrated into it. According to the requirements catalog, this covered all phases from requirements definition, design, and implementation to testing, deployment, and operation. Another part of the assessment focused on the technical review of the infrastructure used for development. The actual security level was determined based on the “Trusted Development” requirements.
In addition, TÜV TRUST IT experts examined relevant organizational processes based on international and national standards. They also verified whether access control measures for program source code and related elements were properly established.
“ECOSPEED AG meets the requirements of the ‘Trusted Development’ audit catalog. The portal proved to be robust against attack patterns typical for web applications during the analysis,” explains André Zingsheim, Project Manager at TÜV TRUST IT. “Identified vulnerabilities during the audit were promptly addressed with appropriate measures, gradually achieving a high level of security. A process also ensures that new vulnerabilities are responded to, initiating corresponding actions to maintain a consistently high level of security.”
Thus, the certification seal confirms that the software development process at ECOSPEED AG is suitable for producing secure software.
“The certification seal is the ideal tool for us to transparently demonstrate to our customers and partners that our software solutions are secure and their data is in good hands with us. However, the result of the certification process is not only the seal itself, but also a wealth of new experiences and insights that ultimately benefit our customers through our solutions,” explains Thomas Herzberger, Director Software Development at ECOSPEED AG.