Brussels, 23 July 2020: The Testing, Inspection and Certification (TIC) Council has published four overarching recommendations for safe and secure connected devices to help policymakers develop and adapt regulatory frameworks to ensure cybersecurity and privacy online. As citizens around the world become increasingly connected and nearly every activity, from banking and travel to shopping and fitness, becomes digitized, meeting the safety, privacy and security expectations of users are fundamental. Indeed, the greater the connectivity, the greater the risk to privacy, safety and security online. As such, users and businesses rely on policymakers to develop and implement the appropriate regulatory frameworks that will address the safety and security challenges without stifling business and innovation.
Analyzing this complex issue, the TIC Council came up with four recommendations that consider the challenges posed by the evolving nature of connected devices. Namely:
1. Consider the risks and use types of devices to adopt a risk-based approach to conformity assessment and involve a third-party in the conformity assessment exercise according to the device risk level.
2. Ensure that the regulatory framework enables conformity assessment certificates and reports to state the devices’ security and privacy scope, as well as their limitations, such as minimal support duration and re-evaluation procedures.
3. Ensure that the regulatory framework allows conformity assessment bodies to have access to compliance-related data of the devices, so as to conduct continuous conformity assessment even when the devices are in use
4. Ensure a holistic and global approach on minimum requirements for connected devices
TIC Council members help producers ensure that products remain compliant to legislation and respond to users’ expectations throughout their life cycle. The TIC sector contributes to “security-by-design” approaches by manufacturers and provides testing, inspection and certification services for hardware and software for connected devices and services. A regulatory framework based on the above recommendations would help the TIC sector to ensure that devices are continuously meeting required security standards, particularly considering software updates or risks that may have developed during operation.
TIC Council Director General, Hanane Taidi stated ‘In light of the ongoing review of the regulatory framework and the implementation of the Cybersecurity Act, we want to highlight that the TIC sector plays an important role in ensuring that connected devices reflect consumers expectations in safety security and privacy. However, to ensure our effectiveness, the TIC sector requires a regulatory framework that would enable the devices’ continuous and substantial conformity assessment. These recommendations reflect the commitment of our members to help the industry deliver the highest levels of cybersecurity and we invite regulators to take them into account when designing and implementing policies’.
About TIC Council
TIC Council is a global association representing over 90 international independent third-party testing, inspection, certification and verification organizations. The industry represents an estimated one million employees across the world with annual sales of approximately USD 200 billion
Media enquiries:
Laura Martin Communications Manager
TIC Council
Rue du Commerce 20/22
B-1000 Brussels
tel: +32 2 5115065
email: lmartin@tic-council.org
website: www.tic-council.org