My company develops a range of products in the desktop software, cloud and hardware spaces for the IT domain.
I have been looking into a process for gaining third party validation and certification for the various products and would be interested in hearing peoples thoughts on what would make sense from their perspective.
There are a variety of options to choose from.
For the cloud products we are looking at ISO27001 and CSA Star and I would be comfortable that we are moving in the right direction with is one.
The hardware products space is a little more difficult.
There is ISO15408 (Common Criteria), UL2900, IEC62443 (focussed more on the OT space than the IT space but seems to be gaining more recognition) or we could just have products independently tested by a reputable third party as an intermediate step.
For anyone purchasing IT equipment into a datacenter or computer room today what requirements/standards would you expect equipment to have?
For anyone making a decision on product certification for their IT equipment today what direction would you go ?
I would be interested in hearing peoples thoughts on this. Thanks very much in advance !