CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Research approaches in standardisation and
certification: CRISP and HECTOS
Ying Ying Lau
Project manager CRISP
Netherlands Standardisation
Institute (NEN)
Anders Elfving
coordinator HECTOS
Swedish Defence Research
Agency (FOI)

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Today
The HECTOS project: quick overview
The CRISP project: quick overview
Research approaches in certification
 HECTOS
 CRISP
Research approaches in standardisation
 HECTOS
 CRISP

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
The HECTOS project: quick overview (1)
September 2014 – January 2018
Support harmonisation of the European market by
producing a roadmap for the development of
Harmonised Certification schemes for Physical
Security Products

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
The HECTOS project: quick overview (2)

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
The CRISP project: quick overview (1)
 CRISP = Evaluation and Certification Schemes for
Security Products
 3 year project: April 2014 - March 2017
 Seven partners from seven European countries

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
The CRISP project: quick overview (2)
 Mission: to develop an innovative evaluation and
certification methodology for security systems, which:
 Contributes to measures that increase citizen trust in security
technologies through evaluating social impacts of security
systems and certification of systems that comply with the
protection of fundamental rights.
 Contributes to a more harmonised playing field for the European
security industry, through acceptance of security systems
across Europe, with no need for re-certification in each country.

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
The CRISP and HECTOS projects
 Common view on high level objectives
 Harmonisation of certification schemes
 Making use of standardisation
 Contributes to harmonised playing field for the European security
industry
 Different focus
 CRISP: Security systems, holistic approach
 HECTOS: Security products, technical approach
 Different research approaches

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Certification in HECTOS (1)
 The diverse technologies and applications for physical
security products is a challenge
 Many schemes are needed - but in a Framework for
harmonised certification schemes for security products
 The HECTOS Framework is based on the ISO/IEC 17000
CA standards series, adapted and supplemented by
features to support the special requirements of security
products
 Adversarial testing, classified information, rapid evolving
threat/requirements, complex performance information are
examples of security-specific aspects

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Certification in HECTOS (2)
Guided by Biometric and E&W
product case studies
HECTOS will present a high-level roadmap supporting the implementation of the
scheme Framework to progress towards EU harmonised security product
certification

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Certification in CRISP (1)
 Absence of holistic approach to certification: inclusion of
STEFi criteria
 Scheme complementary, not competing
 Overall scheme (‘umbrella’), not replacing existing schemes or
standards
 Based on conformity assessment standards
 CRISP developed ‘building blocks’ for the certification
scheme for security systems
 Crucial building block is the CEN Workshop Agreement (CWA)
 Next steps towards certification
 Development of assessment criteria (certification body)
 Identify scheme owner

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Certification in CRISP (2)

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Research approaches to certification
 CRISP
 Based on conformity
assessment standards
 ‘Overall’ certification scheme
(complementary, not
competing)
 Holistic: including trust and
socio-legal requirements
 Developed CWA as basis for
certification
 For security systems
 HECTOS
 Harmonised framework for
security product certification is
based on ISO 17000
 Adopt succesful features of
existing systems. Adapt
special requirements of
security products
 Biometric and Explosives &
Weapons case studies
 Test & Evaluation focus; where
there are major differences
between types of products

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Standardisation in HECTOS
 Standards as source of information
 Review of standards landscape for security products
Identification of
• most relevant standards
• types of standards
• types of requirements
• areas of missing or multiple standards
 Identify stakeholder requirements for standards
 Standardisation to promote key research result
 Liaison with CEN/TC 391 Societal and Citizen Security
 HECTOS will propose future standardisation activities
 Based on HECTOS harmonised scheme framework

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Standardisation in CRISP
 Standards as source of information
 Development of glossary and taxonomy – make use of
standardised terms and definitions
 Review of standards, certification and accrediation for security
products – analyse state of the art
 Input for STEFi criteria– identify existing standards that have
specific potential us (no need for reformulating requirements)
 Standardisation to promote key research result
 Development of CWA ‘Guidelines for the evaluation of installed
security systems, based on the STEFi dimensions’
 Standardisation to engage stakeholders
 CWA = open workshop for all interested parties
 Use network of standardisation institutes

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Approach to standardisation
 CRISP
 Much knowledge is in standards
which can be used in the
development of requirements
 Standards provide a good basis
for development of certification
scheme
 Developing the CWA has
‘pushed’ the project to present
the key research result in a
clear and unambiguous way
 HECTOS
 Understanding the standards
landscape and requirements
for standards have been
important input to
development of the HECTOS
framework and roadmap
 HECTOS plan to present the
harmonised scheme
framework as a proposal to
the standards community

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels
Summary
 Research approaches in standardisation and
certification: CRISP and HECTOS
 Towards harmonised certification schemes for European security
market
 Use conformity assessment standards as basis for development
of certification scheme
 Standards as useful source of information
 Standardisation to promote key research results