The first private IT Security laboratory accredited by the United States National Institute of Standards and Technology (NIST) with a mission to provide accredited IT Security assurance services to customers worldwide.
Over the years we have expanded our services by investing in multiple formal accreditation programs. Our independence allows us to remain objective and serve our customers free from any potential conflicts of interest. With Independence, Integrity, and Trust as our foundation, we provide the highest quality, most objective, independent security assurance services available. Our staff includes experts in cryptography, computer engineering, software security, systems architecture, physical security, site security, vulnerability analysis, penetration testing, project management, and security assurance.
What We Do
As a uniquely qualified trusted third-party, UL aligns our customers and regulators with a collaborative approach that allows our customers to achieve the security assurance and/or certifications they desire. With our expertise across multiple areas of IT Security, our process allows us to educate and train our customers in order for them to achieve their goals in the most cost effective and time efficient manner possible.
Sectors We Serve
UL Healthcare IT & Security serves three primary sectors:
Federally Mandated Sector
- FIPS 140-2 – Cryptographic Module Validation Program
- FIPS 201 – Personal Identity Verification Program
- Algorithm Testing – Cryptographic Algorithm Validation Program
- Common Criteria
- PCI PTS – PCI PIN Transaction Security Program
- ASVV – Approved Scanning Vendor Validation
- APCA – Australian Payments Clearing Association
- mPOS – VISA Ready Program for mobile Point of Sale solutions
Healthcare IT Sector
- ONC HIT Certification Program – Accredited Testing Laboratory and Authorized Certification Body for Electronic Health Records
- DEA EPCS Certification Program – Approved Certifying Organization
- Security Risk Assessment and Analysis
In addition to these primary sectors, UL offers a wide range of specialized security services.
In order to serve our customers, UL maintains multiple accreditations from the appropriate regulatory bodies, including:
- NVLAP Accreditation (NVLAP Lab Code 100432-0)
- ANSI Accreditation as a Certification Body under ISO 17065 (Accreditation ID #1046)
- PCI SSC Testing Laboratory
- PCI Approved Validator for Approved Scanning Vendors
- Australian Payments Clearing Association (APCA) Approved Evaluation Facility
- DEA EPCS Approved Certifying Organization (ACO)
- ONC Authorized Certification Body
In addition to the certifications required to perform testing for each UL sector, members of UL’s technical staff also hold the following independent security certifications:
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Offensive Security Certified Professional (OSCP)
As a Notified Body, MDSAP Recognized Auditing Organization and accredited Certification Body we cannot participate in the design, manufacture, installation or distribution of the products we certify or provide consultancy services related to those products. In addition, the UL Notified Body cannot provide certification services to companies that have been provided with consultancy services from other companies in the UL family. We also cannot link our activities to the activities of organizations that provide consultancy services. If you require such services please use an internet search engine to identify relevant providers.