Zurich, August 5, 2024 – Tresorit, the data security specialist of Swiss Post Communication Services, has obtained the Common Criteria EAL4+ certification. This achievement underscores once again that the company provides a reliable and trustworthy platform for protecting sensitive data while enhancing the productivity and collaboration of its clients.

In today's digital landscape, trust is essential for secure, effective business collaboration on both national and international levels. Tresorit has taken another significant step forward, successfully obtaining the internationally esteemed Common Criteria certification at Evaluation Assurance Level 4+ (EAL4+), establishing a trusted benchmark for robust data protection.

Milestone for Tresorit

Tresorit’s solution is built on end-to-end encryption based on the zero-knowledge principle, where data is encrypted by the sender and can only be decrypted by the intended recipient, ensuring that only authorized users can access it. The zero-knowledge design also means Tresorit itself has no access to stored data. This approach establishes Tresorit’s security features as a gold standard, ideal for organizations handling highly sensitive information in sectors like healthcare, finance, and law. Tresorit also streamlines due diligence and compliance processes, which is essential as companies prepare for upcoming regulations like NIS-2, the EU’s new cybersecurity directive.

The international standard for trustworthiness

Common Criteria, or the Common Criteria for Information Technology Security Evaluation, is an internationally recognized standard for evaluating the security properties of IT products. Developed in the 1990s by unifying the national standards of Canada, Europe, and the USA, Common Criteria allows IT security solutions to be tested for trustworthiness. In late 1999, Common Criteria became the International Standard ISO/IEC 15408.

Key components of the evaluation

With the Common Criteria EAL4+ certification, the independent accredited lab CCLab has validated Tresorit’s cloud solution for the highest level of reliability across various security aspects. The assessment included an analysis of Tresorit’s platform architecture, the practical application of its functions, and a penetration test to confirm the security features withstand potential attacks.

Tresorit holds multiple certifications

Alongside the recent Common Criteria certification, Tresorit has received numerous certifications that confirm its systematic approach to securely managing and safeguarding both business and customer data. These include tremendous compliance efforts that can help our customers be compliant with CCPA (USA), GDPR (EU), and TISAX (automotive industry). Tresorit's ISO/IEC 27001:2022 certification was recently renewed by TÜV Rheinland based on the updated standard. For a complete overview of Tresorit’s certifications, visit our website.

About Tresorit

Tresorit, the data security specialist of Swiss Post Communication Services, is an end-to-end encrypted productivity solution for ultra-secure collaboration. It offers functions for the secure administration, storage, synchronization, and transfer of data. More than 12,000 organizations use Tresorit to protect confidential data and share information securely. Further information can be found at www.tresorit.com.