As part of our commitment to your digital security and privacy, UL is transitioning to a new email policy. Please confirm if you wish to continue receiving emails from UL containing best practices, education, industry research, news, updates and promotions related to UL products and services. Thank you!
Verifying and validating that secure product development and maintenance processes have been implemented.
UL Cybersecurity Assurance Program (CAP) also verifies that the vendor of a certified product has a viable road map to maintain the security of a product through an assessment of organizational processes.
The UL 2900-3 Standard contains general requirements for product development and maintenance security processes that are verified during an organizational assessment.
UL performs an organizational assessment with focus on the following domains:
- Patch management
- Security Development Life cycle
- Verification of industry-specific organizational processes, such as for the medical industry
Customers who choose CAP-certified products can expect that future patches, updates or new versions of the software used in a CAP-certified product will provide the same level of protection when compared with the product at the time of evaluation.