Rycombe Consulting logo

How we work

Most of our work is project based. We agree a set of requirements with a customer and then work these into a clear statement of work with well-defined deliverables, timescales and responsibilities. In order to allow our customers maximum control over their spending, we usually work to a fixed price.

The bulk of our work is taken up with Common Criteria and FIPS 140-2 evaluations.

* Common Criteria

Common Criteria projects are usually phased to fit in with the stages of a Common Criteria evaluation.

Initially we will work together to write a Security Target, either to a relevant Protection Profile or using a set of Security Functional Requirements applicable to the Target of Evaluation (your product).

Once this Security Target is accepted as a basis for evaluation, we can produce the other evidence to allow the test laboratory to evaluate the product.

Historically, we have concentrated on the higher levels of evaluation, usually EAL4 or EAL4+, but most schemes worldwide are now concentrating on EAL2 evaluation against Security Targets based on public Protection Profiles. This has the advantages that evaluations are quicker and cheaper to perform and also make it easier for potential purchasers to make like for like comparisons between different products.

* FIPS 140

We usually work in five distinct phases to most efficiently mesh with the evaluation process and to mitigate cost and risk.

Rycombe Consulting 1999-2020. All Rights Reserved.