Industry

Not only is TwelveDot helping companies and organizations with security, we are actively participating in several standards and industry groups.  Our goal is to provide our expertise to help protect not only our Canadian interests but our global customers.

Groups and Associations:

ISO/IEC

We are involved in multiple committees under ISO/IEC currently these include SC27 Information Technology Security, SC41 Internet of Things and related technologies, and P125 on Operational Technologies Functional Safety and Security.

SC 27 is the sub committee that focuses on the development of security standards for ISO/IEC. The more famous of the standards include the 27000 series and ISO 15408 for Common Criteria. However, with 5 Working Groups in SC27 we also cover off risk management, assessment, crypto, SDLC, networking, and privacy.

SC 41 is the sub committee that focuses on the development of IoT standards. The baseline standard of IEC 30149 IoT Reference Architecture has become a foundation standard for this group.

Faud Khan {our CEO and Founder} is currently the Canadian Chair for TSC Cyber which is the mirror committee for ISO/IEC SC 27. He is also the Canadian Chair for ISO/IEC SC 41 on Internet of Things and Related Technologies. He is also the Editor for Ed. 1 for ISO 29147 Vulnerability Disclosure, ISO 27400 IoT Security and Privacy Guidelines, and ISO 30149 IoT Trustworthiness Principles.

More info can be found here.

Ottawa-Gatineau Cyber Security Cluster

Being in the nations capital, we naturally have a core competence for cyber and defense. As a member of the cluster it reflects TwelveDot being recognized as a cyber security provider which includes breath of industry players and expertise that resides in Ottawa to not only to support our Federal Government but also businesses across Canada and globally. The depth of our cluster shows Canada’s capabilities in the cyber marketplace.

We are focused on “Cyber Security Service” group. More information can be found here.

Continental Automated Buildings Association (CABA)

The Continental Automated Buildings Association (CABA) is a leading international, not-for-profit, industry organization that promotes advanced technologies in homes and buildings. Its 350+ strong corporate members and 28,000+ individual industry contacts are leaders in advancing integrated home systems and building automation worldwide.

More information can be found here.

Standardization

Currently, we are quite active in the development of International Standardization within ISO/IEC and ITU. Our CEO, currently holds several roles in groups and currently include:
a. Canadian Chair for ISO/IEC SC 27 aka Technical Sub-committee Cyber (TSC) SC27 in Canada
b. Vice-Chair for ISO/IEC SC41 in Canada for Internet of Things and related technologies
c. Current editor for ISO/IEC 27030 Guidelines for Security and Privacy for Internet of Things
d. Co-editor of IEC 30149 Trustworthiness Framework
e. Convenor and editor of T200 Evaluation of software development and cybersecurity programs
f. Vice-chair of ISO/IEC SC 27 AG on Trustworthiness
The bulk of this work is under the following sub-committees:

ISO/IEC SC 27 – Scope of Work

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:


• Security requirements capture methodology;

• Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
• Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
• Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
• Security aspects of identity management, biometrics and privacy;
• Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
• Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas

IEC SC 41 – Scope of Work

Standardization in the area of Internet of Things and related technologies.

• Serve as the focus and proponent for JTC 1’s standardization programme on the Internet of Things and related technologies, including Sensor Networks and Wearables technologies.
• Provide guidance to JTC 1, IEC, ISO and other entities developing Internet of Things related applications.

CSA Group Standards (Overview)

CSA Group is recognized as a world leader in testing and certification. They are also well known to development of standards in North America. Among the fifty-seven different areas of specialization are business management and safety and performance standards, including those for electrical and electronic equipment, industrial equipment, boilers and pressure vessels, compressed gas handling appliances, environmental protection, and construction materials.
Most standards are voluntary, meaning there are no laws requiring their application. Despite that, adherence to standards is beneficial to companies because it shows products have been independently tested to meet certain standards. The CSA mark is a registered certification mark, and can only be applied by someone who is licensed or otherwise authorised to do so by the CSA.
CSA developed the CAN/CSA Z299 series of quality assurance standards, which are still in use today. They are an alternative to the ISO 9000 series of quality standards.
The current development of a program such as Cyber Verification Program (CVP) for product vendors has led to the development of a bi-national standard for IoT products. While under development the standard has the number of T200, the basis for this standard has been developed over a 2.5 year period were the methodology was field testing, updated and piloted with SMB vendors in the IoT sector. Once published this standard can be used to support purchasing decisions for businesses needing assurance to an IoT provider.
Laws and regulations in most municipalities, provinces and states in North America require certain products to be tested to a specific standard or group of standards by a Nationally Recognized Testing Laboratory (NRTL). Currently forty percent of all the standards issued by CSA are referenced in Canadian legislation. CSA’s sister company CSA International is a Nationally Recognized Testing Laboratory which manufacturers can choose, usually because the law of the jurisdiction requires it, or the customer specifies it.

Interested in what we’re doing?

Keep up to date with more exciting projects being launched by the TwelveDot team.