We are currently quite active in the development of international standardization within ISO/IEC and ITU. Our CEO holds several roles in these groups, which currently include:
a. Canadian Chair for ISO/IEC SC 27 aka Technical Sub-committee Cyber (TSC) SC27 in Canada
b. Vice-Chair for ISO/IEC SC41 in Canada for Internet of Things and related technologies
c. Current editor for ISO/IEC 27030 Guidelines for Security and Privacy for Internet of Things
d. Co-editor of IEC 30149 Trustworthiness Framework
e. Convenor and editor of T200 Evaluation of software development and cybersecurity programs
f. Vice-chair of ISO/IEC SC 27 AG on Trustworthiness
The bulk of this work is under the following sub-committees:
ISO/IEC SC 27 – Scope of Work
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
• Security requirements capture methodology;
• Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
• Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
• Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
• Security aspects of identity management, biometrics and privacy;
• Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
• Security evaluation criteria and methodology.
SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.
IEC SC 41 – Scope of Work
Standardization in the area of Internet of Things and related technologies.
• Serve as the focus and proponent for JTC 1’s standardization programme on the Internet of Things and related technologies, including Sensor Networks and Wearables technologies.
• Provide guidance to JTC 1, IEC, ISO and other entities developing Internet of Things related applications.
CSA Group Standards (Overview)
CSA Group is recognized as a world leader in testing and certification. It is also well known for the development of standards in North America. Among the fifty-seven different areas of specialization are business management and safety and performance standards, including those for electrical and electronic equipment, industrial equipment, boilers and pressure vessels, compressed gas handling appliances, environmental protection, and construction materials.
Most standards are voluntary, meaning there are no laws requiring their application. Despite that, adherence to standards is beneficial to companies because it shows products have been independently tested to meet certain standards. The CSA mark is a registered certification mark, and can only be applied by someone who is licensed or otherwise authorised to do so by the CSA.
CSA developed the CAN/CSA Z299 series of quality assurance standards, which are still in use today. They are an alternative to the ISO 9000 series of quality standards.
The current development of a program such as the Cyber Verification Program (CVP) for product vendors has led to the development of a bi-national standard for IoT products. While under development, the standard carries the number T200. The basis for this standard was developed over a 2.5-year period in which the methodology was field tested, updated and piloted with SMB vendors in the IoT sector. Once published, this standard can be used to support purchasing decisions for businesses needing assurance about an IoT provider.
Laws and regulations in most municipalities, provinces and states in North America require certain products to be tested to a specific standard or group of standards by a Nationally Recognized Testing Laboratory (NRTL). Currently, forty percent of all the standards issued by CSA are referenced in Canadian legislation. CSA’s sister company, CSA International, is a Nationally Recognized Testing Laboratory that manufacturers can choose, usually because the law of the jurisdiction requires it or the customer specifies it.