Acquiring ICT solutions from vendors requires more than just selecting the right technology. It involves a comprehensive approach to cybersecurity that safeguards sensitive data, preserves operational continuity, and fosters digital trust.

The decision to purchase certified ICT products, services, or processes gives consumers a greater assurance that the items are cybersecure over those that are not certified. Since certified products have undergone independent third-party evaluation consumers opting for certified ICT solutions do not have to rely solely on vendors' claims about the solutions' cybersecurity posture.

Procurement of cybersecure ICT solutions starts with identifying the relevant and applicable scheme. For instance, 5G network elements or 5G Network functions will be certified under EU5G scheme. Cloud services will be certified under EUCS scheme and EUCC will cover a broad spectrum of different products and processes, including Integrated Circuits, network devices, software applications, operating systems, Smart Cards, production sites, etc.

Understanding your risk exposure to cybersecurity threats will give you insight about the assurance level that you or your organisation should be looking for in the certified products, services, or processes. For instance, a basic assurance may be adequate for ICT solutions handling non-sensitive data. However, a basic assurance may not be adequate for a secure element used in an electronic passport. The sensitivity of passport data should be covered under a high assurance certificate given the risks to which it may be exposed.