World first: Australian company gains Common Criteria security certification

Noggin’s OCA Software secures EAL2+ compliance

In a world first, Australian company Noggin has secured Evaluation Assurance Level 2+ (EAL2+) certification for its OCA incident management software under the Criteria for Information Technology Security Evaluation (Common Criteria or CC) standard.  This makes OCA the only incident and emergency software in the world to be certified to this level.

The EAL2+ evaluation places OCA on the Defence Signals Directorate’s Evaluated Products List (EPL) for the protection of classified information, the definitive list of certified IT products for use by Australian and New Zealand government agencies.   Additionally the EAL2+ Certification is recognised by the 26 member nations of the Common Criteria Recognition Arrangement, allowing OCA to be the only emergency management software listed on the Common Criteria portal.

James Boddam-Whetham, Noggin’s Managing Director, believes that the successful evaluation will have a significant impact on OCA’s international profile.

“Concerns about IT security issues are soaring world-wide. This certification immediately gives OCA an internationally respected accreditation, positioning it as a thoroughly tested and approved software.  

 As the only product in the world to achieve this level of certification in this sector, we anticipate significant demand from both commercial and government agencies facing a need for secure emergency management, counter terrorism and critical infrastructure programs.” 

OCA is used for the management of information and communications during critical situations across the Asia-Pacific region. It is already widely used in the Australian government security market and selected commercial organisations.  More than ten Tier One Federal Government agencies use OCA across different core areas and functions including emergency management, crisis communications and management, critical infrastructure and asset protection, event management, and disaster management.

Doug Stuart, COO of Stratsec, the company that evaluated OCA, explains the Evaluation Assurance Level program.

 “The Evaluation Assurance Level of an IT product or system is a numerical grade assigned following a rigorous security evaluation.  The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. Compliance with EAL2+ demonstrates that OCA has passed stringent security evaluations, and also has processes in place to fix and securely distribute any security patches if required. This makes it the only software of its kind to have reached this level.

“It’s good to see an Australian company making this grade,” continued Stuart.  “There’s no doubt that this will catapult Noggin’s OCA software onto the world stage.”

Participant nations in the Common Criteria include Australia and New Zealand, Austria, Canada, The Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, Republic of Korea, Malaysia, The Netherlands, Norway, Pakistan, Singapore, Spain, Sweden, Turkey, UKand the US.


About Noggin (

Noggin IT, the development company behind OCA, is an Australian success story. Noggin has been developing and implementing premium business web-based applications since 2000. Noggin’s systems enable businesses to mitigate and minimise risk through the improved management of information, the automation of business processes, and more effective and efficient communication with stakeholders and customers.

About OCA (

OCA- Organise. Communicate. Act.  OCA is next generation online software that helps government agencies and corporates manage issues, incidents & events and related communications to any number of stakeholders.  OCA allows proactive planning and is customisable to an organisation’s business processes. It is also interoperable, allowing different organisations using OCA to share content with each other in a secure way.

The primary applications of the OCA technology are in the planning and management of incidents and issues, infrastructure and assets, including:

  • Emergency, counter-terrorism, transport and mass gatherings / events
  • Law enforcement / police
  • Health and bio-preparedness
  • Business continuity and workplace safety
  • Government and citizen communications
  • Infrastructure and operations management

OCA is currently being used by Australian Government agencies at Commonwealth