CETIC’s Software and System Engineering department is actively helping
enterprises and organisations to improve the quality of their IT- or IS-related processes and software products, throughout the software life-cycle process.
We also help our customers reduce safety and security risks in simple to critical production environments.
Development Process Assessment
We provide the following organisational-level audit :
- IT software development process improvement model (OWPL) evaluation, to identify weaknesses and correct them using micro- and full
IT Project Quality Improvement
We provide ad hoc support and project assistance in specifi c life-cycle
stages, such as :
- Requirements analysis : production of precise requirements documents ;
for example, for an invitation-to-tender process.
- Software development effort estimation : functional size, effort and
cost estimation services based on requirements, for end-customers
and software factories (COSMIC).
- Software analysis and design : reverse engineering activities, software
architecture review and advice.
- Code quality : punctual/continuous code quality assessment and
improvement advice, as part of internal quality procedures or for the acceptance of code developed externally, using a large set of static analysis tools (CQC, CAST, etc.).
CETIC also offers global project guidance : retro-documentation, knowledge
management, OWPL assessment and the Agile development methodologies.
Security & Safety Standards Readiness and Certification
Security-related services :
- Code analysis for security (vulnerability detection) using advanced tools.
- ISO 27002-based light security micro-assessment to evaluate security
maturity related to security practices and to prioritize security investments from a risk management perspective.
- Common Criteria for Information Technology Security Evaluation (ISO/
IEC 15408) : helping companies prepare their protection profi les or security targets prior to a Common Criteria evaluation.
Safety-related services :
- Code analysis for reliability (run-time errors, exceptions) using advanced tools.
- Safety assessment/coaching based on generic IEC 61508 or domain specific standards, such as DO-178B for the aeronautics domain or
Gamp for biotech/clinical research.