Certifications

Common Criteria is an internationally recognized independent security certification recognized by governments in 31 countries across Europe, Australia, Asia and North America. Certus is Common Criteria (ISO/IEC 15408) certified.

The Asset Disposal & Information Security Alliance (ADISA) audit process is multi-layered and includes full audits, unannounced operational audits and forensic audits. Certus’s SSD Erasure Method passed Level II (attack by a threat adversary using standard intrusive/destructive testing tools designed to read data directly off a chip) and for Mobile Devices Level I (attack by a threat adversary using COTS forensic tools and techniques) testing.

Hunguard is a leading provider of IT security services in Hungary, specializing in security assessments, IT system audits and evaluations, and IT security consulting. CECE Software System v1.2.0, developed by Certus, is certified by Hunguard at EAL3 level in accordance with MSZ EN ISO/IEC 15408-3:2020.

Certus is certified by the National Cyber Security Centre, the UK Government’s National Technical Authority for Information Assurance. It has been assessed under the CPA scheme for its "Data Sanitisation – Overwriting Tools for Magnetic Media".

Certus Erasure 3.47.2 has received the ADISA NIST 800-88 and IEEE 2883-2022 Product Assurance Certification, achieving an Assurance Level 5 pass for its erasure capabilities. Our software successfully meets all Level 5 requirements for both Magnetic Hard Drives and Solid State Drives, in accordance with NIST 800-88 and IEEE 2883-2022 standards.

Certus is recommended by NATO and included in the prestigious NATO Information Assurance Product Catalogue (NIAPC).

NSM grants approval for the use of Certus to delete data on storage media. After an overall assessment of the documentation it is concluded that the deletion tool satisfies requirements for secure deletion of data in accordance with the Norwegian Security Act, Common Criteria, NSM’s Handbook on the destruction of documents and storage media and current standards.

The National Institute of Standards and Technology, an agency within the United States Department of Commerce, is dedicated to fostering American innovation and improving industrial competitiveness. Certus complies with the guidelines in NIST SP 800-88 Rev. 1.

The Institute of Electrical and Electronics Engineers (IEEE) is a distinguished American 501 professional association catering to electronics engineering, electrical engineering, and allied fields. Certus complies with the standards outlined in IEEE 2883-2022.

Certus ensures compliance with the General Data Protection Regulation (GDPR), a fundamental European Union regulation governing information privacy within the European Union and the European Economic Area. The GDPR stands as a pivotal pillar of EU privacy law and human rights law, notably encompassing Article 8 of the Charter of Fundamental Rights of the European Union.

Certus ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA), a crucial federal law in the United States that oversees the privacy and security of Personal Health Information (PHI).

Certus complies with the South African Protection of Personal Information Act (POPIA), which is designed to regulate the processing of personal information by both public and private entities in South Africa. POPIA sets forth principles to ensure the lawful and responsible handling of personal data, with the primary objective of safeguarding individuals' privacy rights.

Certus complies with the regulations set forth by the Turkish Data Protection Authority (KVKK), ensuring that individuals' privacy rights are protected and data protection practices are upheld in Turkey.

Certus complies with the Digital Personal Data Protection Act, 2023 (DPDP Act or DPDPA-2023). This legislation of the Indian Parliament ensures that digital personal data is processed in a manner that respects the rights of individuals to protect their personal data while recognizing the legal purposes for processing such data.