Prior Approval

The Netherlands has implemented the ‘prior approval model’ for CSA certification at assurance level High.

Under this model, the commercial Conformity Assessment Bodies (CABs) conduct the certification and evaluation activities themselves.

The Dutch National Cybersecurity Certification Authority (NCCA) oversees this certification process in close communication with CABs. Information is collected so that the certificate can be issued more swiftly at the end of the process. In addition, the use of certification knowledge and expertise in the market continues to be optimised while working with the prior approval model.

Dutch NCCA Prior Approval Certification process
Illustration showing the involvement of the Dutch NCCA in the certification process if the CAB needs prior approval from the Dutch NCCA to issue a certificate. The focus on proactive monitoring improves the efficiency and timeliness of the process.

To issue a certificate at the assurance level High, a body that performs certification activities needs an approval from the NCCA prior to issuing the certificate. The NCCA will therefore perform a formal review before the certificate will be issued. The Dutch NCCA strives to make the review process as efficient as possible for the CABs. Early monitoring of the certification process by the Dutch NCCA leads to shorter review times at the end of the process. 

The Dutch implementation of the prior approval model ensures that the certification process as a whole is efficient and transparent for all involved parties.