Secure Products Security Appraisal Form
ID number: (QA use only) Revision: (QA use only)
Atmel Security and Risk Management Group Contact Details
By Phone: + 44 (0) 1355 803000
By Fax: + 44 (0) 1355 242744
By Email: [email protected]
By Post: Atmel – Secure Products, The Maxwell Building, Scottish Enterprise Technology Park, East Kilbride, Glasgow G75 0QR, Scotland, United Kingdom
Guidelines: This document must be completed for all prospective smart card IC customers. Please note this document is split into two sections A & B. The Smart Card Security Appraisal Form should be completed in conjunction with your customer.
Section A must be completed by the prospective company.
Section B must be completed by the company’s Atmel representative.
Once completed please send to Security and Risk Management Group by email, fax or post as detailed above.
Atmel General Business Information
Contact Details
Details of Company
Customer Name
Address
Post Code
Telephone #
Web Site URL
Customer Contact
Email Address
Details of Atmel Representative
Atmel Rep
Address
Post Code
Telephone #
Post Code Email Address
Section A – To be completed by Company
Please complete section A of this questionnaire. Your Atmel Representative should complete section B.
Delete as appropriate
Business History
Is the company an existing Atmel customer for products other than Smart Card or Secure Microcontroller technologies?
Yes
No
If Yes, since when? Please give details below
Please state the product part number/family:
Please outline the intended application/end use:
Delete as appropriate
Business Information
Do you plan to use any contractors or consultant companies in this project? [1] (i.e. software development, module assembly)
Yes
No
If yes, please include details below
Please state your preferred shipping carrier [2] for shipment of smartcard products:
Carrier name
Account number
[1] If contractors or consultants are being used, a Mutual Non Disclosure Agreement with Atmel must be executed.
[2] Shipping carriers should be approved by the Atmel Security & Risk Management Group. For details of approved shipping carriers please contact [email protected]
Define Application
Please identify proposed application(s) using Atmel Smart Card IC products and end customer(s)
Which Atmel Smart Card ICs product:
What encryption facility is proposed for the application?
Which of the following will you require from Atmel to support your project? [3]
Delete as appropriate
Samples
Yes
No
Confidential data sheets
Yes
No
Development Tools
Yes
No
Delete as appropriate
The Smart Card development team
Name of leader or manager of the team:
Number of engineers involved:
Have employee background checks been performed?
Yes
No
What is the staff turnover rate?
Annual %
Have employees signed confidentiality agreements within their contract of employment?
Yes
No
[3] In the event that confidential information from Atmel will be transmitted in any form to contractors or consultant companies, a separate non disclosure agreement must be executed between the transmitter and recipient companies. Please refer to Section 3 of the Atmel Mutual non disclosure agreement outlining this requirement.
Delete as appropriate
The Smart Card development team continued
Do confidentiality clauses remain in force after termination of employment?
Yes
No
Does the company use, or plan to use, subcontractors in their Smart Card project work?
Yes
No
If yes, how is confidential material protected?
Manufacturing Controls
Do you operate a manufacturing site? If yes, please provide details of the address below [4]
Company Name
Address
Post Code
Country
Delete as appropriate
Ownership, and control of company
Government owned
Partly
Wholly
Privately owned
Name of major shareholder(s) and percentage of share held
[4] If manufacturing operates at a different location, the Security section of this document must be applied separately to that location.
%
%
%
%
%
%
Ownership, and control of company continued
Please list all other associated, owned or partially owned companies:
Delete as appropriate
Company history and information
Date company was founded
Has the company operated under any other name (past or present)?
Yes
No
If YES, please give details
Have any company directors held directorship in any other company (past or present)?
Yes
No
If YES, please give details
Is the company already involved in security conscious business?
Yes
No
If Yes, for how many years?
And in which area
If no, please define current interest
Approximate annual turnover of company
Total number of employees
Delete as appropriate
Use of products
Has/is the company involved in any business practice that would involve the illegal use of Atmel products?
Yes
No
Can the company’s products be misused to attack Pay TV, financial or other secure systems?
Yes
No
To the best of your knowledge, have any of the company’s products been used or are being used in counterfeiting activities?
Yes
No
If so, please explain the actions taken by the company to avoid further misuse:
Additional information
Please use this space to include any other supporting information that may be useful to your application:
Signed: Company Representative
Date:
Section B – To be completed by Atmel Representative
Delete as appropriate
Fast track approval option
Does the company hold security approval from any other smart card organization? E.g. Common Criteria, ITSEC, Visa, MasterCard, government authorities or local banks
Yes
No
Identify approval held and date of last security review
Certificate issued by:
Certificate No:
Last Review Date:
Please include a copy of the relevant Certificate when submitting to Atmel Security & Risk Management Group for review and approval.
In the event that the company holds security approval from any other recognized smart card organization and copies of the relevant Certificate are provided, ‘Fast Track Approval’ can be implemented. In this case Section A must be completed by the company and Section B should be signed by the Atmel representative. Final review and approval will remain the responsibility of the Atmel Smartcard Security Group at East Kilbride.
Smart Card Development area security review
Are Smart Card development projects carried out in a controlled area?
Delete as appropriate
Yes
No
What access control mechanism(s) is used for the above area?
Who controls and authorizes access to this area? And is there a dual signature required for this authorization?
Yes
No
Is Smart Card related information kept in a lockable strong cabinet or safe?
Yes
No
Is such storage allocated on an individual or a group basis?
Individual
Group
Is there a procedure for controlling access to sensitive Smart Card information and development hardware, which ensures projects are maintained separate from each other?
Yes
No
Is there a procedure for restricting copy or removal of information and development hardware from company's premises?
Yes
No
Are computers used for Smart Card development…
Protected against unauthorized access?
Yes
No
Standalone with no connection with the outside world?
Yes
No
If networked, is access to Smart Card network limited and controlled?
Yes
No
Please define Password controls and how they are implemented including period after which change is forced by system or administrator.
If external access is possible please define control methods and who controls it?
Delete as appropriate
General building security
Is an access control system used?
Yes
No
If yes, specify method used and policy in the event of a lost or misplaced access card.
Are employees required to wear ID badges?
Yes
No
Are closed circuit monitors fitted?
Yes
No
If yes, identify areas covered and define recorded tape retention policy
Are intruder alarm systems utilized as a security tool?
Yes
No
If yes, describe briefly alarm sensor types in use and response to incident alarm by management
Are the premises guarded during and after work hours?
Yes
No
Are the guards contractors?
Yes
No
Is there a policy which defines training requirements and, where guards are contractors, identifies a core group of guards who are accepted as suitable for the task?
Yes
No
Conclusions by Atmel Representative
Delete as appropriate
Compliance
Is documentation available for all above mentioned procedures?
Yes
No
Don’t know
Are procedures regularly reviewed and audited?
Yes
No
Don’t know
Delete as appropriate
Recommendation
Have all CAP documents been completed?
Non disclosure agreement (either standard or mutual)
Yes
No
Security Verification – Silicon
Yes
No
Security Verification – Development Tools & Information
Yes
No
Export Documentation (outside EU and member states only)
Yes
No
Do you recommend that the customer receive approval?
Yes
No
Additional comments in support of approval
Signed: Atmel Representative
Date: