A harmonised playing field for the European security industry
Security products, systems and services are some of the fastest growing markets, both internationally and in the EU. However, growing international competition and market changes indicate that, if no action is taken, the market share of European companies could greatly decrease in the coming years. To mitigate this risk, the EU-funded CRISP project helped develop a harmonised playing field for the European security industry by designing a robust scheme for security product certification. ‘Harmonising the European security market calls for a holistic, pan-European certification scheme, and this is exactly what the CRISP project set out to provide,’ says CRISP coordinator Ronald Boon. Adding the social and legal to the security mix Over the past decade, certification schemes have grown in popularity as a mechanism for encouraging and enforcing the protection of security systems. Nowadays, end users have become more discerning as they demand more accountability and quality checks throughout their supply chain. ‘Certification helps improve the service to clients, and it is highly appreciated as they feel much better treated and better understand their obligations,’ explains Boon. ‘In the end, certification allows end users to use a security system “even better”.’ With this in mind, CRISP researchers focused their attention on developing a novel evaluation and certification methodology for security systems that also integrates social and legal dimensions as assessment criteria. ‘We not only wanted the CRISP certification scheme to facilitate a harmonised playing field, we also wanted it to increase citizens’ trust and confidence in security technologies and, ultimately, provide protection in a more efficient manner,’ says Boon. The resulting methodology is based on a taxonomy encompassing a variety of security products and services from an array of applications, taking into account the varying roles of a diverse stakeholder community that includes manufacturers, regulatory/certification bodies, data protection authorities and end users. ‘The really pioneering part of the CRISP methodology is the assurance it provides that a system has been evaluated using the four STEFi dimensions (Security, Trust, Efficiency and Freedom infringement),’ says Boon. According to Boon, the integration of STEFi dimensions is particularly innovative as, traditionally, certification was primarily focused on the evaluation of technical requirements. Harmonised standards Key outcomes of the project include: a taxonomy of security products, systems and services; a report on security standards and certification in Europe; a certification manual and roadmap; and an implementation plan. However, its most important contribution is the publication of a standardisation document by CEN, a so-called CEN Workshop Agreement (CWA). This CWA describes the evaluation methodology and provides examples of criteria based on each of the STEFi dimensions. ‘Looking at recent developments, the CRISP project proposes a certification scheme that uniquely bridges the gap between security and privacy,’ concludes Boon. ‘Applying the scheme will also bring users in line with the new European privacy regulation (GDPR).’
Keywords
CRISP, cybersecurity, security, data privacy
