Signify is one of the first lighting companies worldwide that has been awarded the security certification for its connected lighting development process (IEC62443-4-1) by DEKRA. This confirms that the company's development of connected lighting systems is based on a certified secure development process and illustrates the company’s leadership in embedding security in all aspects of its innovations, products, systems, and services.
Central elements of the IEC62443-4-1 certification are a threat analysis based on the use case scenario and a product development process which ensures that all identified security requirements are implemented, verified, tested, and documented with traceability. Signify has satisfied all requirements in this process. In addition, Signify has demonstrated its ability to react fast and appropriately to newly discovered security vulnerabilities and publish security updates in a reliable manner.
International expert organization DEKRA evaluated Signify’s development process on the IEC 62443-4-1 fundamental security requirements. Signify meets all requirements set out in the standard by rigorously following its Signify Security Development Lifecycle (SDL) in all internal and external development activities. Major components of the SDL are a security risk analysis and threat modeling, code analysis verification and validation testing, and continuous vulnerability management.